Bogus Key on Keyservers
David Shaw
dshaw at jabberwocky.com
Thu Oct 13 23:13:41 CEST 2005
On Thu, Oct 13, 2005 at 01:26:15PM -0500, Tad Marko wrote:
> If someone creates a key that LOOKS like I created it (my name and
> email address) and uploads it to the keyservers, how can I either get
> rid of it or somehow flag my own key in such a way that it is clear
> which is the real one?
If you use the PGP global directory (ldap://keyserver.pgp.com) as your
keyserver, you can, since it checks the email address by sending mail
to it.
On other keyservers, you can't do this. This is what the web of trust
is for; your real key would have signatures proving that it is yours.
David
More information about the Gnupg-users
mailing list