On Thu, Oct 13, 2005 at 09:39:00PM -0700, Eric wrote: > On Thu, 2005-10-13 at 13:26 -0500, Tad Marko wrote: > > If someone creates a key that LOOKS like I created it (my name and > > email address) and uploads it to the keyservers, how can I either get > > rid of it or somehow flag my own key in such a way that it is clear > > which is the real one? > > You can't. That's like asking how you can stop other people from > printing out badges that say "I am Tad Marko" and pinning them to their > shirts.
I'm not asking for that. I want them to not say that a given key goes to [EMAIL PROTECTED] > Besides, if you could do that, what would stop someone else from > deleting YOUR key off of the keyserver or flagging THEIR key as the real > Tad Marko? An email verification step? > It sounds like your real concern is how you can stop your friends from > inadventently getting the wrong key and accidentally encrypting messages > to someone pretending to be you. Close...I simply want to minimize confusion. > GPG and PGP don't care about names -- they only care about public keys. > If you want someone to be able to send a message to the right person, > you need to make sure they're encrypting it with the right public key. > > You do this by telling them your key's signature before they go looking > on the keyserver. Right. But, an email verified mechanism for removing keys stamped with an email address seems like an important omission from the key server system. Tad _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
