On Mon, Sep 22, 2008 at 02:42:19PM -0400, David Newman wrote: > Hi there, > I received a signature on my public key from an unknown key. Is there a > way that I can mark the signature as suspect, i.e. that I did not verify > that this person verified my identity, in a way that can be re-uploaded > to keyservers?
Alas, no. There is a part of the OpenPGP spec, the keyserver no-modify flag, that can be set to inform a keyserver that only the keyholder is allowed to update the key on the keyserver. GnuPG sets this flag by default, but unfortunately no keyserver currently implements it, so anyone can update a key on a keyserver if they like. (The PGP keyserver doesn't implement the flag, but it restricts updates to the keyholder via other means). That said, this is really an aesthetic problem, and not a trust problem. The web of trust ultimately takes care of bad signatures as those people who issue them will eventually get marked as untrustworthy. I have a few mystery signatures on my key as well. No real harm - just ignore them. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
