Modified user ids and key servers and a possible security risk?

Grant Olson kgo at
Wed Aug 25 21:28:35 CEST 2010

On 8/25/10 12:58 PM, Daniel Kahn Gillmor wrote:
> On balance, i think we should probably start considering adding crypto
> to keyservers, with the knowledge of these particular constraints.  But
> it's not there yet.
> As always, i'd be happy to hear other people's perspectives on this stuff.

Since this has come up a few times in the past months, I guess I'm
curious as to what the correct 'round-one' implementation of
cryptographically enabled key-servers would would be.  Is it:

(1) Verifying that the keydata hasn't been tampered with, like editing
in a hex editor?

(2) Only accepting keydata that has been signed by the key owner?

(3) Possibly accepting keydata signed by trusted keys, for example peer
keyservers that that also perform the same verifications?

(4) Possibly saving the signature as well, so peer keyservers can
optionally perform the same verification at step (2) when you sync?


Or am I totally off base here?


"I am gravely disappointed. Again you have made me unleash my dogs of war."

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 559 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100825/557933ca/attachment.pgp>

More information about the Gnupg-users mailing list