The never-ending GD discussion, part 74 (was Re: Delete key from keyserver)

David Shaw dshaw at jabberwocky.com
Sun Oct 23 22:29:21 CEST 2005


On Sun, Oct 23, 2005 at 12:41:45PM -0700, Doug Barton wrote:
> David Shaw wrote:
> > On Sun, Oct 23, 2005 at 05:16:43PM +0100, Bob Henson wrote:
> 
> >>That's not the only reason though. The PGP Global Keyserver is dangerous, as
> >>well as a nuisance, for a number of reasons. As it only shows one key on a
> >>search for a user's name, it might cause people to miss a revoked key and
> >>continue using it.
> > 
> > 
> > This is a misunderstanding about the Global Directory.  It does not,
> > is not designed to, and should not give more than one key for a given
> > email address. 
> 
> He didn't say e-mail address, he said name. :) I just checked this
> for myself, and if I type in "Doug Barton" I get the key that is
> tied to this e-mail address, but not the other key that I have
> uploaded to that server.  This actually explains a common complaint
> that I hear from PGP users about not being able to find that other
> key. So, this turns out to be very useful information, as I now know
> to tell them to search for my other key by e-mail address (which
> works, btw).

You always need to search the GD by email address.  Name searches
don't make sense there, as the GD only verifies the email address.
The name on the key is essentially a comment, with no more meaning
than any other comment.  It's a consequence of the design to handle
automated encryption - in that case, an email address may be all you
have to work with.

In any event, name or email address, the concern with missing a
revoked key is sort of a non sequitur as the GD doesn't store revoked
keys in the first place.

> I can see a lot of value in the model you described David, and I agree that
> at least having a key where the e-mail address has been verified, on a
> server where users actually have the ability to remove keys, is a good
> thing. On the other hand, I can see that every other "Doug Barton" in the
> world is at a significant disadvantage here, since I got there first. :)

Not necessarily.  If another Doug Barton comes along, he could just as
easily bump you out.

David


