On 2011-12-17 14:54, gn...@lists.grepular.com wrote: >> What about keys without an email in the UID? > > For the first issue regarding uploading keys, you wouldn't be able to do > email validation on a key that doesn't have an email address in the UID. > At the same time, for those keys, you wouldn't need to, as no email > spoofing has taken place, so that's not an issue...
Spoofing is prevented through the WoT. It's not the responsibility of the keyserver. >> What prevents me from signing your key and distributing the signature in >> some other way? > > Nothing. The subject at hand is problems with the keyservers. Any other > distribution mechanism is irrelevant. I'll pose this differently: Why should the keyserver check with you that you allow the signature to be uploaded? Why would you want to prevent me from uploading the signature to an e.g. SKS keyserver, but not generally from distributing it? (After all, the keyserver is checking with you, you are controlling the upload, so it must be in your interest. This isn't about the keyserver being flooded, it's that you don't like me distributing this signature.) Also note that SKS keyservers (and IIRC all common keyservers besides the PGP ones?) don't do crypto operations on the OpenPGP packets. They only handle the format, and only to merge the set of sub-packets. IIRC. -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA -- nameserver 217.79.186.148 nameserver 178.63.26.172 http://opennicproject.org/ -- No situation is so dire that panic cannot make it worse.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
