Garbled data in keyservers

Werner Koch wk at
Thu Dec 6 09:03:32 CET 2018

On Wed,  5 Dec 2018 19:56, stefan.claas at said:

> Well, my understanding would be that a least one (search) criteria
> would be needed to fetch a key, right? And if so i could also imagine

Right, the fingerprint.  And maybe the long keyid for a transitional
period because not all software already includes the fingerprint in the

> that this one criteria could be abused as well, in form of a given
> link to that resource, as long as it can be fetched via the web.

Being able to search for a fingerprint does not allow you to search for
the latest blockbuster movie to get a torrent link.  Thus there is no
incentive to use the keyservers as an index and running a keyserver will
be safer for most operators.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list