Garbled data in keyservers
stefan.claas at posteo.de
Thu Dec 6 14:05:37 CET 2018
On Thu, 06 Dec 2018 11:42:32 +0100, Werner Koch wrote:
> On Thu, 6 Dec 2018 10:22, stefan.claas at posteo.de said:
> > As long as we have the option to add additional UID's to a key my
> You can't add an UID to a key without having a signature from the
> primary key. If the keyservers accept that any OpenPGP implementation
> will simply skip such an UID.
Understood. Please check this example, a key with with plenty of data,
which only needs to be extracted.
> > People then would only need a little program to dearmor and
> > extract the data from that key UID's.
> But they can't search for it on public servers. Thus there is no gain
> here. If you require a dedicated program anyway, that program can
> anyway consult one of the Tor hidden servers. But no search engine
> will show it.
That's right, but my thought is / was someone can (ab)use key servers
as data storage / retrieval system and then only provides the key id
in a link.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 228 bytes
Desc: Digitale Signatur von OpenPGP
More information about the Gnupg-users