Bogus Key on Keyservers

Eric erpo41 at hotpop.com
Fri Oct 14 06:39:00 CEST 2005


On Thu, 2005-10-13 at 13:26 -0500, Tad Marko wrote:
> If someone creates a key that LOOKS like I created it (my name and
> email address) and uploads it to the keyservers, how can I either get
> rid of it or somehow flag my own key in such a way that it is clear
> which is the real one?

You can't. That's like asking how you can stop other people from
printing out badges that say "I am Tad Marko" and pinning them to their
shirts.

Besides, if you could do that, what would stop someone else from
deleting YOUR key off of the keyserver or flagging THEIR key as the real
Tad Marko?

It sounds like your real concern is how you can stop your friends from
inadvertently getting the wrong key and accidentally encrypting messages
to someone pretending to be you.

GPG and PGP don't care about names -- they only care about public keys.
If you want someone to be able to send a message to the right person,
you need to make sure they're encrypting it with the right public key. 

You do this by telling them your key's signature before they go looking
on the keyserver.

Eric
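
The check described in the message above, as an added example that is not part of the original post: given keyserver results for one name, keep only the key whose full fingerprint equals the value the owner communicated out of band. It assumes that value is the key fingerprint as printed by `gpg --with-colons --fingerprint`; the listing, the address `tad@example.org`, all fingerprints and the function names are constructed for illustration.

```python
# Constructed sample (all values made up): `gpg --with-colons --fingerprint`
# style listing of two keys that carry the same name and e-mail address.
SAMPLE_LISTING = """\
pub:-:1024:17:1111222233334444:1128902400:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:-::::1128902400::0000::Tad Marko <tad@example.org>:
sub:-:2048:16:9999AAAA9999AAAA:1128902400::::::e:
fpr:::::::::DDDDDDDDDDDDDDDDDDDDDDDD9999AAAA9999AAAA:
pub:-:1024:17:5555666677778888:1129161600:::-:::scESC:
fpr:::::::::0123456789ABCDEF012345675555666677778888:
uid:-::::1129161600::0000::Tad Marko <tad@example.org>:
"""

def normalize(fpr):
    """Drop whitespace and upper-case, so a fingerprint given in groups compares equal."""
    return "".join(fpr.split()).upper()

def parse_keys(listing):
    """Return one {'fpr', 'uids'} dict per primary key in a colon listing."""
    keys, in_primary = [], False
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append({"fpr": None, "uids": []})
            in_primary = True
        elif f[0] == "sub":
            in_primary = False  # the next fpr record belongs to the subkey
        elif f[0] == "fpr" and in_primary and len(f) > 9:
            keys[-1]["fpr"] = f[9]
        elif f[0] == "uid" and keys and len(f) > 9:
            keys[-1]["uids"].append(f[9])
    return keys

def pick_key(listing, expected_fpr):
    """Split search results into (key matching the expected fingerprint, all others)."""
    want = normalize(expected_fpr)
    if len(want) < 32 or any(c not in "0123456789ABCDEF" for c in want):
        raise ValueError("need a full fingerprint, not a key ID or a name")
    match, others = None, []
    for key in parse_keys(listing):
        if key["fpr"] == want:
            match = key
        else:
            others.append(key)
    return match, others
```

Both sample keys carry an identical user ID, so the fingerprint comparison is the only thing that separates them; the subkey's `fpr` record is skipped so it cannot be mistaken for the primary key's.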




