Modified user ids and key servers and a possible security risk?

Daniel Kahn Gillmor dkg at
Thu Aug 26 01:50:07 CEST 2010

On 08/25/2010 07:45 PM, Chris Knadle wrote:
> There's a problem with this idea, which is that there's no opportunity to 
> notify the client that there was a problem if the check is done /later/.  If 
> instead the computation is done at the time of the uploaded modification, then 
> there's an opportunity for the server to notify the gpg client that there was 
> a problem.

there's also a question of how it would affect the gossip protocol (that
is, server-to-server, not client-to-server), if one party declines to
accept some certifications.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 892 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100825/5f221005/attachment.pgp>

More information about the Gnupg-users mailing list