[OT] Re: useless test keys and keyservers

Erwan David erwan at rail.eu.org
Tue Mar 1 19:32:27 CET 2005


Le Tue  1/03/2005, Melissa Reese disait
> Hi Stewart,
> 
> On Tuesday, March 01, 2005, at 9:12:29 AM PST, you wrote:
> 
> > Well, it appears that someone (not me!) has submitted your key to a
> > keyserver for you. (Paraphrasing a famous quote) Whilst I don't
> > agree with your views on keyservers, I support your right to have
> > them. If it wasn't you that submitted it I think this is bad form
> > for whoever did it. :-(
> 
> Yes, one of my greatest disappointments with the current keyserver
> system is the ability of anyone to upload anyone else's keys.  I have
> several keys, associated with several different accounts, and while
> I've uploaded *one* of them to the keyservers myself, the rest were
> uploaded by others.  In some cases, after they've signed my keys with
> exportable signatures, though they don't know me, or my association
> with certain keys from a hole in the ground.  Is that really "good
> practice" in terms of "web of trust"?

There are 2 keys on keyservers which bear my name, but which I do not
own. Worse they are signed by several keys bearing the name of people
who know me, but those keys do not belong to them either.

However, if checks are done carefullly, nobody can trace those keys to
me through a sensible chain of signatures, leading to a personnally
verified key ownership.

-- 
Erwan



More information about the Gnupg-users mailing list