Keyserver doesn't honour signature removal
John W. Moore III
jmoore3rd at bellsouth.net
Sun Apr 12 18:25:11 CEST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Dominik George wrote:
> that is, I can add anything I want to my key, but never remove it? Not
> even signatures?
This is Correct! Upload a Key with signatures removed and as soon as
that Keyserver 'refreshes' during the next round of updating from all
other Keyservers it is linked to the removed signatures are restored.
End of story!
> I understand that I cannot remove keys, but I think any changes that
> require my secret key would be ok :( ...
Err.... How? The only time Your passphrase is required is when You are
a revoking a Signature You, yourself, made. Your Secret Key isn't, or
shouldn't be, on the Keyservers. Anybody can Sign Your Key and upload
it to the Keyservers whenever they desire. Your Public Key is in the
public domain. This is why some folks maintain a listing of their
clean, desired Key on Big Lumber or the PGP GD. With Big Lumber only
You may access Your listed Key to make 'changes' and with PGP GD any
uploaded Key requires verification of each UID email address via a
Ping/Pong challenge before it is listed for dissemination.
Timestamp: Sunday 12 Apr 2009, 12:25 --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4979: (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage: http://tinyurl.com/yzhbhx
-----END PGP SIGNATURE-----
More information about the Gnupg-users