Bogus Key on Keyservers
Neil Williams
linux at codehelp.co.uk
Thu Oct 13 22:12:11 CEST 2005
On Thursday 13 October 2005 7:26 pm, Tad Marko wrote:
> If someone creates a key that LOOKS like I created it (my name and
> email address) and uploads it to the keyservers, how can I either get
> rid of it
You can't. You need to rely on the fingerprint - that is the only unique
identifier for any key.
It's quite unlikely that they would generate a key with the same userid and
the same short key ID (8 characters) and most email clients now will display
the 16 character ID which makes it even less likely. There are duplicates out
there of the last 8 characters (0xDEADBEEF is the most common) but not of the
longer 16 character ID.
(short keyID is the last 8 characters of the fingerprint, longer the last 16
etc.)
> or somehow flag my own key in such a way that it is clear
> which is the real one?
Any change you make to your key could be mirrored by whoever created the other
key. Use the fingerprint, that's what it is for.
--
Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20051013/f9da24fe/attachment.pgp
More information about the Gnupg-users
mailing list