Modified user ids and key servers and a possible security risk?

MFPA expires2010 at ymail.com
Thu Aug 26 20:06:31 CEST 2010


Hi


On Wednesday 25 August 2010 at 8:38:44 PM, in
<mid:4C757144.90309 at sixdemonbag.org>, Robert J. Hansen wrote:


> On 8/25/10 2:37 PM, Daniel Kahn Gillmor wrote:
>> Keyservers receive relatively few new certifications each day, certainly
>> a small fraction of the number of requests they emit.

> Initial syncs would be prohibitive.  After that, syncs
> would probably not be too obnoxious, but the initial
> setup would just be awful.

Would the initial set-up have to involve immediately checking the UIDs
and certifications of all keys already on the server?

Could new/updated keys be prioritised, and unchanged pre-existing
keys "processed" in small batches over a long period of time?

Could the checking be restricted to new/updated keys only? Or is that
a non-starter because, in order to preserve the web of trust, you then
want to check the integrity of keys that had already signed the key
that was just updated but have not been updated themselves?


--
Best regards

MFPA                    mailto:expires2010 at ymail.com

The second mouse gets the cheese