On Feb 26, 2010, at 1:30 PM, Grant Olson wrote:

> On 2/26/2010 12:38 PM, MFPA wrote:
>> 
>> I am *not* advocating the implementation of any form of
>> Digital Restrictions Malware (DRM).
>> 
>> Uploading a somebody else's key without first checking it is OK by
>> them is a breach of their privacy and could well be illegal/unlawful
>> in jurisdictions with data protection legislation (for example, if a
>> company published a customer's key, showing their name and/or email
>> address, to a server).
>> 
> 
> As a practical matter, even if your contacts agree to respect your
> wishes, it's still pretty easy for them to accidentally send it to the
> keyservers.  Perhaps mis-typing a command when they try to upload their
> own key.  Perhaps clicking the wrong button.  Perhaps because they just
> don't really know how gpg works and start typing random commands.

An interesting tidbit here is that the OpenPGP spec actually handles this 
accidental submission case.  There is a keyserver no-modify flag that can be 
set on a key, which requests that the keyserver reject any key that isn't 
submitted by the key owner.  Alas, while GnuPG supports the flag, no keyserver 
does.  (And in fact, supporting it would require a pretty significant redesign 
of the keyserver network).

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to