Garbled data in keyservers
Stefan Claas
stefan.claas at posteo.de
Thu Dec 6 14:05:37 CET 2018
On Thu, 06 Dec 2018 11:42:32 +0100, Werner Koch wrote:
> On Thu, 6 Dec 2018 10:22, stefan.claas at posteo.de said:
>
> > As long as we have the option to add additional UID's to a key my
>
> You can't add an UID to a key without having a signature from the
> primary key. If the keyservers accept that any OpenPGP implementation
> will simply skip such an UID.
Understood. Please check this example, a key with with plenty of data,
which only needs to be extracted.
https://pgp.circl.lu/pks/lookup?op=get&search=0x73253A1F090C53B6
> > People then would only need a little program to dearmor and
> > extract the data from that key UID's.
>
> But they can't search for it on public servers. Thus there is no gain
> here. If you require a dedicated program anyway, that program can
> anyway consult one of the Tor hidden servers. But no search engine
> will show it.
That's right, but my thought is / was someone can (ab)use key servers
as data storage / retrieval system and then only provides the key id
in a link.
Regards
Stefan
--
https://www.behance.net/futagoza
https://keybase.io/stefan_claas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: Digitale Signatur von OpenPGP
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20181206/10b9f69f/attachment.sig>
More information about the Gnupg-users
mailing list