keyserver spam

gnupg at lists.grepular.com gnupg at lists.grepular.com
Sat Dec 17 14:23:18 CET 2011


On 16/12/11 19:07, vedaal at nym.hush.com wrote:

> What if keyservers were to limit the amount of keys generated or 
> uploaded to a 'reasonable' amount which no 'real' user would 
> exceed?
> 
> (i.e. 10/day, or some other number discussed and agreed upon by the 
> various keyservers?)

You could still successfully mess with someone by signing their key with
offensive or spammy content ten times a day.

I find it strange that the keyservers don't do any sort of email
validation before accepting key submissions and that they just allow
anyone to upload signatures for your key without verifying if you want
to allow them first.

This sort of problem just seems inevitable to me.

-- 
Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 598 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20111217/99e707dd/attachment.pgp>


More information about the Gnupg-users mailing list