Delete key from keyserver

Realos realos at loftmail.com
Thu Oct 27 11:42:43 CEST 2005


>>
>> I don't understand why.  If you trust the association of the Name and
>> key, how/why would having an email address in there as well improve
>> the trust?
>
>It's not an issue of improving the trust, it's an issue of
>disambiguation.  In my case, there are many different David Shaws out
>there, including a furniture designer in New Zealand, a Pulitzer prize
>winning journalist in the US, and a former MP for Dover in the UK.
>I'm none of these.  There are at least 19 David Shaws on the keyserver
>net as well, not including me.  My email address globally indicates
>which David Shaw I am.
>


Well, it still may make sense using a free-form UID. Imagine a David
Shaw from London has created a free-form UID which is signed by Jack
upon checking his personal ID card. Now this David Shaw adds a new
UID with email address to it, Jack could now also challenge/response
the listed email address. After such a successful check he can
successfully associate that email address with David Shaw from London
as only he possesses the private key and could have decrypted the
message.

I think it does not matter whether there are 10 or only 1 David Shaws
listed on the server if you know which key you have verified.

But as far as I know this concept is not taken into consideration in
current gpg implementations.


-- 
Realos


