Duplicated User IDs arisen

Adrian 'Dagurashibanipal' von Bidder avbidder at fortytwo.ch
Wed Jul 7 09:08:58 CEST 2004

On Wednesday 30 June 2004 20.08, Neil Williams wrote:
> Users would need some sort of login and then be able to upload a
> changed key that would overwrite any existing copies.

Easy: just sign the whole key upload.

> Is it worth the bother?

I'd certainly use it. There are a few signatures that are worthless on 
my key (signatures by 'leaf keys' that I know are not in use anymore, 
one person signed my key without verifying anything), so I would remove 
them from the published key.

The important thing is:
If a key is revoked, it stays revoked. Users can perhaps delete all 
signatures or add new key components, but the revocation cert (and the 
key parts that depends on) MUST NOT be deleted. Without this 
functionality, the keyserver is a security problem.
Also: everybody must be able to upload a revocation certificate - 
perhaps I (as the key owner) have lost the secret key (or whatever is 
required to change a key on the keyserver) and am uploading the 
emergency revocation cert that I prepared for just this case.

-- vbi

Operator! Trace this call and tell me where I am.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 331 bytes
Desc: signature
Url : /pipermail/attachments/20040707/7a872792/attachment.bin

More information about the Gnupg-users mailing list