Exposing email addresses on key servers
reynt0 at cs.albany.edu
Tue Jun 30 01:27:11 CEST 2009
On Sun, 28 Jun 2009, Werner Koch wrote:
. . .
>> really stop us from putting invalid email address in the UID, so is
> Before doing so, you should evaluate whether it is still worth the
> trouble. Without an email address most people would not bother to send
> you an encrypted message.
. . .
I guess WK's comment is about complete strangers sending you
email? But if you think of keyservers as serving a function
also of secondary verification of keys which somebody can get
by some other way, then what would count is the UID information
being *whatever* might help someone find your key on the
keyserver and help confirm that the key they had gotten some
other way really is your key. Is that a correct way to think?
More information about the Gnupg-users