On Sat, Oct 22, 2005 at 06:26:51PM +0200, B. Kuestner wrote:

> all: Joe Smith has no way of fixing the situation, even if he is
> legitimate owner of the [EMAIL PROTECTED] e-mail address.
>
> It strikes me that GNU-supporters would bash MS (or for that reason
> any vendor of proprietary software) for dishing out once more a
> thoughtless, immature and insecure software design.
>
> I understand it must not be simple to revoke or disable keys. But it
> shouldn't be impossible either, especially in the light of anybody's
> capability to put public keys under my name on the server.
>
> Am I missing something?
>
> >It's an inherent scaling problem of the keyserver net. I've
> >seen estimates that the majority of the keys on the keyserver net are
> >not used for one reason or another, but can't be deleted. Even with
> >the garbage keys, the keyserver database isn't too large to be served
> >though.
>
> Well, my issue is not so much with the keyservers. I guess with
> faster and more hardware this scheme could be maintained for decades.
>
> But if the keyservers are not directories to look up public keys,
> then what are they? And if they are meant as directories, how good
> are they if they are flooded with garbage keys?
>
> >The PGP company is running a different sort of keyserver at
> >http://keyserver.pgp.com. This type of keyserver allows you to remove
> >keys if you can prove (by answering an email challenge) that you have
> >access to the email address on the key. This keyserver obviously does
> >not synchronize with the others, however.
>
> Can gpg use this keyserver? It is listed in the settings of my MacPG.
GPG can use this keyserver. Just set:

  keyserver ldap://keyserver.pgp.com

in your gpg.conf file (or whatever GUI you happen to be using).

> Is using this server recommendable for everybody?

This is a harder question. I would unhesitatingly recommend it for
beginning users. It's also useful for any level user who wants to
simplify the whole key selection process - it guarantees there is only
one key per email address. If you want to mail to a particular
address, there is no question which is the "right" key, as there is
only the one key there. I believe it is also the default keyserver for
PGP users.

Some people do not like this server as it does email address
verification (via sending a mail to the email address on the key, if
any), and then signs the key. These signatures are reissued every 2
weeks or so if people keep requesting the key. The list of signatures
can get long. Both PGP and GPG have features to delete the expired
ones.

David
