The never-ending GD discussion, part 74 (was Re: Delete key from keyserver)

David Shaw dshaw at jabberwocky.com
Sun Oct 23 19:27:05 CEST 2005


On Sun, Oct 23, 2005 at 05:16:43PM +0100, Bob Henson wrote:

> > Some people do not like this server as it does email address
> > verification (via sending a mail to the email address on the key, if
> > any), and then signs the key.  These signatures are reissued every 2
> > weeks or so if people keep requesting the key.  The list of signatures
> > can get long.  Both PGP and GPG have features to delete the expired
> > ones.

> That's not the only reason though. The PGP Global Keyserver is dangerous, as
> well as a nuisance, for a number of reasons. As it only shows one key on a
> search for a users name, it might cause people to miss a revoked key and
> continue using it.

This is a misunderstanding about the Global Directory.  It does not,
is not designed to, and should not give more than one key for a given
email address.  The GD says "This is the key.  Period.  There is no
other key.  Take this key and use it.  Have A Nice Day.".  The goal of
the GD is specifically NOT to say, "This is the key.  Here are a few
more keys.  Well, here's another one that the person may or may not
have lost the passphrase for.  Oops, found another one.  And this one
too.  Now figure out which one, if any, you should use!"

It always amuses me that people complain bitterly about the GD storing
one key per email address, but don't complain, for example, about
people putting their key up on a web page.  After all, they may
contain only one key, and might cause people to miss a revoked key. ;)

> The "verification" is dangerous in itself, since people may rely on
> the server signature for trust - which is not a good idea for
> obvious reasons - anyone could upload a key from a particular
> address, and e-mail verification *alone* is of little value.

Completely untrue.  For the huge majority of users, email verification
is sufficient.  The GD is one-stop shopping for them: they get a
single key that points to an email address that has been checked.
Sure beats 3-4 keys on the keyserver and having to parse out the web
of trust to see which one to use... only to find that more than one
was in the web of trust, pick one anyway, and then hope the key owner
didn't lose the passphrase or just stopped using encryption.

Remember that the people who subscribe to this mailing list and have
any knowledge of the web of trust are not in any way the huge majority
of users.  We're a minuscule blip on top of a near nothingness.

You assert that e-mail verification alone is of little value.  I
disagree.  I challenge you to make a key with my email address and get
the GD to accept it.  Let me know when you succeed.

David
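To make the mechanics of the debate above concrete, here is a toy model of a verifying keyserver that stores exactly one key per e-mail address, publishes and signs a key only after a mailbox challenge is answered, re-signs on fetch once the directory signature has lapsed, and leaves the old signatures in place so the client has to clean them.  This is an added illustration, not the Global Directory's code and not anything from the GnuPG project; the two-week signature lifetime, the token format, the in-memory "mailbox" standing in for SMTP delivery and the addresses and fingerprints are all assumptions.

```python
"""
Toy model of a verifying keyserver with one key per e-mail address.

Added example, not the Global Directory's own code.  The 14-day
signature lifetime, the challenge-token scheme and the in-memory
"mailbox" standing in for mail delivery are assumptions.
"""
from __future__ import annotations

import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta

SIG_LIFETIME = timedelta(days=14)  # assumed: the "every 2 weeks or so" in the thread


@dataclass
class Signature:
    issued: datetime
    expires: datetime


@dataclass
class KeyRecord:
    fingerprint: str
    email: str
    signatures: list[Signature] = field(default_factory=list)


class Directory:
    def __init__(self, now: datetime):
        self.now = now
        self.keys: dict[str, KeyRecord] = {}            # email -> the ONE key for that address
        self.pending: dict[str, tuple[str, str]] = {}   # token -> (email, fingerprint)
        self.mailboxes: dict[str, list[str]] = {}       # stands in for SMTP delivery

    def submit(self, email: str, fingerprint: str) -> None:
        """Accept an upload provisionally; the token goes only to the mailbox."""
        token = secrets.token_urlsafe(24)
        self.pending[token] = (email, fingerprint)
        self.mailboxes.setdefault(email, []).append(token)

    def confirm(self, token: str) -> bool:
        """Whoever returns a valid token controls the address: publish and sign."""
        entry = self.pending.pop(token, None)
        if entry is None:
            return False
        email, fingerprint = entry
        self.keys[email] = KeyRecord(fingerprint, email, [self._sign()])  # replaces any earlier key
        return True

    def lookup(self, email: str):
        rec = self.keys.get(email)
        if rec is None:
            return None
        # Re-sign on fetch once the newest directory signature has lapsed.
        # Lapsed signatures are left in place, which is why the list grows.
        if rec.signatures[-1].expires <= self.now:
            rec.signatures.append(self._sign())
        return rec

    def _sign(self) -> Signature:
        return Signature(issued=self.now, expires=self.now + SIG_LIFETIME)


def clean_expired(rec: KeyRecord, now: datetime) -> KeyRecord:
    """Client-side cleanup (the job gpg's `clean` does): drop lapsed signatures."""
    return KeyRecord(rec.fingerprint, rec.email,
                     [s for s in rec.signatures if s.expires > now])


def demo() -> dict:
    now = datetime(2005, 10, 23)
    gd = Directory(now)

    # Alice uploads her key and answers the challenge from her own mailbox.
    gd.submit("alice@example.org", "AAAA1111")
    gd.confirm(gd.mailboxes["alice@example.org"].pop())

    # Mallory uploads a key carrying Alice's address but never sees the
    # token, which was mailed to Alice; a guessed token is rejected.
    gd.submit("alice@example.org", "BAD0BAD0")
    forged_ok = gd.confirm("not-the-real-token")
    published = gd.lookup("alice@example.org").fingerprint

    # Fifteen days on, a fetch triggers a fresh signature; the expired one
    # stays on the server copy until the client cleans it.
    gd.now = now + timedelta(days=15)
    fetched = gd.lookup("alice@example.org")
    cleaned = clean_expired(fetched, gd.now)

    return {
        "forged_accepted": forged_ok,
        "published_fingerprint": published,
        "sigs_on_server": len(fetched.signatures),
        "sigs_after_clean": len(cleaned.signatures),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the model is the one David makes: a key carrying someone else's address never reaches the directory unless the submitter can read that mailbox, and a lookup always yields a single key for the address.  The accumulating signatures are the nuisance Bob describes, and `clean_expired` is the client-side fix the thread refers to.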
