Exposing email addresses on key servers

reynt0 reynt0 at cs.albany.edu
Tue Jun 30 01:27:11 CEST 2009

On Sun, 28 Jun 2009, Werner Koch wrote:
  . . .
>> really stop us from putting invalid email address in the UID, so is
> Before doing so, you should evaluate whether it is still worth the
> trouble.  Without an email address most people would not bother to send
> you an encrypted message.
  . . .

I guess WK's comment is about complete strangers sending you
email?  But if you think of keyservers as serving a function 
also of secondary verification of keys which somebody can get
by some other way, then what would count is the UID information
being *whatever* might help someone find your key on the
keyserver and help confirm that the key they had gotten some
other way really is your key.  Is that a correct way to think?

More information about the Gnupg-users mailing list