On 2011-12-17 16:17, David Shaw wrote:
> It's an interesting server, with different semantics than the
> traditional keyserver net that we were talking about earlier. Most
> significantly, it emails the keyholder (at the address on the key)
> before accepting the key into the server. It also signs keys that
> are submitted to it, which allows people to leverage this email
> checking in their own trust calculations, but can also "litter" keys
> with repeated signatures. If I recall, it is (or perhaps was) the
> default keyserver for PGP installations.

I doubt the validity of those automated checks and checks on the email anyway. What constitutes "owning" f...@example.com? To legitimately verify this you would need to look at the domain history, conclude who the legit owner of the domain is, contact that owner and then follow the delegation chain to reach a real person.

Any technological solution to the problem is easy to compromise: Accounts can be compromised, domains stolen, DNS isn't safe either and the mail server could be penetrated. The only way to know if someone legitimately uses a given email address is to verify the _human_ delegation chain. A computer cannot do that in the current setup.

--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
nameserver 217.79.186.148
nameserver 178.63.26.172
http://opennicproject.org/
--
No situation is so dire that panic cannot make it worse.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users