Duplicated User IDs arisen
David Shaw
dshaw at jabberwocky.com
Thu Jun 17 05:04:02 CEST 2004
On Wed, Jun 16, 2004 at 07:49:31PM -0400, gabriel rosenkoetter wrote:
> On Wed, Jun 16, 2004 at 12:01:06PM +0200, Christoph Probst wrote:
> > Why is noone updating these servers? I mean, yes, they are not
> > totally broken but still unuseable for some people.
>
> Because the function software, SKS, requires a somewhat obscure
> build and runtime environment, which makes it difficult for people
> who don't know the (also obscure) programming language in question
> to audit it, which makes it questionable, in certain people's eyes,
> in a security application.
I strongly disagree with this logic. It's somewhat silly, as one of
the main points of public key cryptography is that the key
distribution channel does not have to be secure. Who cares if a
keyserver is hacked up one side and down the other? Unless it is
hacked to the point of not being able to give out a key, this does not
affect the security of OpenPGP.
> Why jharris's patches for the much more common (and written in a
> commonly used language) PKS haven't been applied to the main source
> tree there would be a question for the maintainers of that keyserver
> software.
Ask jharris. He refuses to release the patches. Not that it matters
terribly much - PKS is dead, victim of a changing world.
David
More information about the Gnupg-users
mailing list