[Sks-devel] stripping GD sigs (was: Re: clean sigs)

[Alphax]

David Shaw wrote:
> On Sun, Sep 11, 2005 at 09:27:54PM +0200, Johan Wevers wrote:
> 
>>David Shaw wrote:
>>
>>
>>>I have sympathy for that argument, so wouldn't it be good to trace
>>>down where the sigs are entering the keyserver net, and ask whoever is
>>>doing it to stop?  It seems like the obvious first step.
>>
>>Assuming this is possible at all. I don't know exctly what keyservers log,
>>but I'd assume that making the links GD sig upload -> IP address -> email
>>address is not trivial.
> 
> 
> It wasn't an idle suggestion.  You can assume that I do, in fact, know
> that this is possible, or I wouldn't have suggested it.  Why on earth
> an email address is relevant here I have no idea.  You don't need
> anything more than the IP address.
> 
> I made the suggestion as a challenge.  The trace is not actually going
> to happen, as it is far, far more entertaining to complain and moan
> about the GD than it would be to see who is bridging the signatures.
> 

It has been suggested that automatically retrieving keys from keyservers
can expose your IP to the keyserver manager, as all they have to do is
generate a new key, send it to you, and wait until someone downloads
that key...

It seems likely that sigs from the GD are entering via one of two ways:
firstly, individuals putting their keys on the global directory, and
then sending their keys with GD sigs out to SKS keyservers; secondly,
someone doing a 2-way synchronisation of their entire keyring with both
the GD and the SKS network.

-- 
Alphax                      |   /"\
Encrypted Email Preferred   |   \ /     ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613  |    X   Against HTML email & vCards
http://tinyurl.com/cc9up    |   / \