Modified user ids and key servers and a possible security risk?

Robert J. Hansen rjh at
Wed Aug 25 19:19:04 CEST 2010

On 8/25/10 12:58 PM, Daniel Kahn Gillmor wrote:
> keyservers do no cryptographic verification whatsoever.  I think this is
> (historically) for several reasons:

[good reasons 0-3 skipped]

4) Asymmetric cryptography is computationally expensive.  I would not
want to think about the CPU load of a keyserver that did verification of
every new certificate, user id, user attribute, etc., etc.

More information about the Gnupg-users mailing list