Modified user ids and key servers and a possible security risk?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Aug 26 01:50:07 CEST 2010
On 08/25/2010 07:45 PM, Chris Knadle wrote:
> There's a problem with this idea, which is that there's no opportunity to
> notify the client that there was a problem if the check is done /later/. If
> instead the computation is done at the time of the uploaded modification, then
> there's an opportunity for the server to notify the gpg client that there was
> a problem.
there's also a question of how it would affect the gossip protocol (that
is, server-to-server, not client-to-server), if one party declines to
accept some certifications.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 892 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users