David Shaw wrote: > On Sun, Sep 11, 2005 at 09:27:54PM +0200, Johan Wevers wrote: > >>David Shaw wrote: >> >> >>>I have sympathy for that argument, so wouldn't it be good to trace >>>down where the sigs are entering the keyserver net, and ask whoever is >>>doing it to stop? It seems like the obvious first step. >> >>Assuming this is possible at all. I don't know exctly what keyservers log, >>but I'd assume that making the links GD sig upload -> IP address -> email >>address is not trivial. > > > It wasn't an idle suggestion. You can assume that I do, in fact, know > that this is possible, or I wouldn't have suggested it. Why on earth > an email address is relevant here I have no idea. You don't need > anything more than the IP address. > > I made the suggestion as a challenge. The trace is not actually going > to happen, as it is far, far more entertaining to complain and moan > about the GD than it would be to see who is bridging the signatures. >
It has been suggested that automatically retrieving keys from keyservers can expose your IP to the keyserver manager, as all they have to do is generate a new key, send it to you, and wait until someone downloads that key... It seems likely that sigs from the GD are entering via one of two ways: firstly, individuals putting their keys on the global directory, and then sending their keys with GD sigs out to SKS keyservers; secondly, someone doing a 2-way synchronisation of their entire keyring with both the GD and the SKS network. -- Alphax | /"\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 | X Against HTML email & vCards http://tinyurl.com/cc9up | / \ _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
