keyserver spam

Johan Wevers johanw at xs4all.nl
Fri Dec 16 17:42:59 CET 2011


On 16-12-2011 16:51, gnupg at lists.grepular.com wrote:

> I understand that once you've uploaded something to the keyservers, it
> can't be removed. Eg, if I sign someone elses key and upload that, it
> will be attached to their key permanently?

Yes. Of course, you can remove it locally.

> What if someone were to generate say, 10,000 keypairs with "offensive"
> uid names, and then sign my key with each of them, and then upload that
> to the keyservers?

Then you might have a problem.

> Is there anything to stop that?

Not really.

> Has anything like this happened before?

The only thing that comes close is the keyserver at (I believe) pgp.com,
who issues a new signature every few months clogging your key with
expired signatures.

-- 
Met vriendelijke groet,

Johan Wevers



More information about the Gnupg-users mailing list