keyserver spam

Erik Loosman hj at loosman.org
Sat Dec 17 14:26:43 CET 2011


I have uploaded my key to a keyserver at pgp.com: upload a key to their
keyserver requires a verification by e-mail. Every id (e-mailaddress) in
your key receives an e-mail. Respond to one of those e-mails (clicking
link) to verify you issued the key replacement. But when (one of) your
e-mail account(s) has been compromised, it could still happen.

Erik Loosman

OpenPGP: 0x7374C641 at keyserver2.pgp.com


On 12/16/2011 04:51 PM, gnupg at lists.grepular.com wrote:
> I understand that once you've uploaded something to the keyservers, it
> can't be removed. Eg, if I sign someone elses key and upload that, it
> will be attached to their key permanently?
>
> What if someone were to generate say, 10,000 keypairs with "offensive"
> uid names, and then sign my key with each of them, and then upload that
> to the keyservers? Is there anything to stop that? Is there anything to
> stop a spammer generating a key with their URL in the uid name and then
> signing every key they can find and uploading that to the keyservers?
>
> Has anything like this happened before?
>
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20111217/a1f1acaa/attachment.htm>


More information about the Gnupg-users mailing list