Modified user ids and key servers and a possible security risk?
Robert J. Hansen
rjh at sixdemonbag.org
Wed Aug 25 19:19:04 CEST 2010
On 8/25/10 12:58 PM, Daniel Kahn Gillmor wrote:
> keyservers do no cryptographic verification whatsoever. I think this is
> (historically) for several reasons:
[good reasons 0-3 skipped]
4) Asymmetric cryptography is computationally expensive. I would not
want to think about the CPU load of a keyserver that did verification of
every new certificate, user id, user attribute, etc., etc.
More information about the Gnupg-users