Garbled data in keyservers

Dirk Gottschalk dirk.gottschalk1980 at googlemail.com
Sun Dec 9 21:36:50 CET 2018


Hi Stefan.

Am Sonntag, den 09.12.2018, 21:13 +0100 schrieb Stefan Claas:
> On Sun, 09 Dec 2018 20:55:36 +0100, Dirk Gottschalk wrote:
> 
> Hello Dirk,
> 
> > That I mentioned in the other reply I have sent a few seconds ago.
> > 
> > > right? A key which would bear a CA sig would imho not have such
> > > additional and funny UID's or sigs, because it would make the key
> > > owner look a bit stupid, i would say.  
> > 
> > No. The signatures on a key are nor related to each other. A funni
> > signature could be backdated before the signature by the CA were
> > made.
> > Who's the stupid now, in the eyes of the user seeing this? ^^
> 
> Do you really think a user with a CA sig would do that, with my
> proposals i have made?

Yes, for sure. With a backdated signature the CA could be blamed in the
eyes of some not so firm users. Even if it's only for this purpose.

First the UID problem should be fixed and then a similar mechanism for
the signatures could be introduces. This would fix the well known
problems and no CA would be needed. That is unrelated to the CA's for
"assurance" which are not a really bad idea, but it has nothing to do
with the flaws in the key servers and even wouÄt be a fix for this.

Regards,
Dirk

-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB  B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20181209/a658e0f9/attachment.sig>


More information about the Gnupg-users mailing list