Zeljko Vrba wrote: > Pawel Shajdo wrote: > >>I think this is public more keyservers design problem than GD. Keyserver >>should accept new signatures only from key owner. >> > > > Hm, maybe to define a "key upload format" which must be signed with the > uploaded key itself (analogon of PKCS#10)? Of course, the public key > itself should have some flag set to "signed upload only" so that the > server doesn't accept it without the corresponding signature. >
However, the keyserver would then have to verify the signature of the uploading key... how much of an extra burden would this be? -- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 | X Against HTML email & vCards http://tinyurl.com/cc9up | / \ _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
