PGP global directory cruft in keyservers
Alphax
alphasigmax at gmail.com
Wed Sep 7 12:17:12 CEST 2005
David Shaw wrote:
> On Tue, Sep 06, 2005 at 01:36:37PM -0500, John Clizbe wrote:
>
>>Kurt Fitzner wrote:
>>
<snip>
>>gpg --edit-key <keyID> clean
>>
>>And setting the clean-sigs and clean-uids options on import-options,
>>export-options, and keyserver-options are our only defense until then.
>>
>>Like you, I refreshed from a SKS server and found 120 new sigs on my key,
>>ALL PGP Universal Keyserver.
>
>
> To my knowledge, the PGP GD doesn't sync with anyone. It would be
> interesting to know how/where these signatures are leaking into the
> keyserver net.
>
Probably some PGP users who are "automagically" synchronising their
entire keyrings with multiple keyservers, leaking keys that their owners
would rather not have on the keyservers in the process :(
--
Alphax | /"\
Encrypted Email Preferred | \ / ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613 | X Against HTML email & vCards
http://tinyurl.com/cc9up | / \
More information about the Gnupg-users
mailing list