David Shaw wrote:
> On Sun, Sep 11, 2005 at 09:27:54PM +0200, Johan Wevers wrote:
>>David Shaw wrote:
>>>I have sympathy for that argument, so wouldn't it be good to trace
>>>down where the sigs are entering the keyserver net, and ask whoever is
>>>doing it to stop?  It seems like the obvious first step.
>>Assuming this is possible at all. I don't know exactly what keyservers log,
>>but I'd assume that making the links GD sig upload -> IP address -> email
>>address is not trivial.
> It wasn't an idle suggestion.  You can assume that I do, in fact, know
> that this is possible, or I wouldn't have suggested it.  Why on earth
> an email address is relevant here I have no idea.  You don't need
> anything more than the IP address.
> I made the suggestion as a challenge.  The trace is not actually going
> to happen, as it is far, far more entertaining to complain and moan
> about the GD than it would be to see who is bridging the signatures.

It has been suggested that automatically retrieving keys from keyservers
can expose your IP to the keyserver manager, as all they have to do is
generate a new key, send it to you, and wait until someone downloads
that key...

It seems likely that sigs from the GD are entering via one of two ways:
firstly, individuals putting their keys on the global directory, and
then sending their keys with GD sigs out to SKS keyservers; secondly,
someone doing a 2-way synchronisation of their entire keyring with both
the GD and the SKS network.

