This IS about GD - a proposal on dealing with the problem
alphasigmax at gmail.com
Sun Sep 11 09:12:52 CEST 2005
Zeljko Vrba wrote:
> Pawel Shajdo wrote:
>>I think this is public more keyservers design problem than GD. Keyserver
>>should accept new signatures only from key owner.
> Hm, maybe to define a "key upload format" which must be signed with the
> uploaded key itself (analogon of PKCS#10)? Of course, the public key
> itself should have some flag set to "signed upload only" so that the
> server doesn't accept it without the corresponding signature.
However, the keyserver would then have to verify the signature of the
uploading key... how much of an extra burden would this be?
Alphax | /"\
Encrypted Email Preferred | \ / ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613 | X Against HTML email & vCards
http://tinyurl.com/cc9up | / \
More information about the Gnupg-users