On Jan 27, 2012, at 8:52 PM, John Clizbe wrote:

> Peter Lebbing wrote:
>
>> And a curious person with a mean streak might sign a key with an obscured
>> e-mail address with a signature saying "this is the key for
>> expires2...@rocketmail.com" }:-]. Which is verifiable by hashing the e-mail
>> address. And once "keyserver no-modify" is implemented, he'll create a
>> website with a dump of all the unobscured e-mail addresses, just because he
>> can. He's like that once he sees something that's obscured but not really
>> blinded.
>
> Having keyservers support no-modify requires that they first support crypto.
> That's a really big step.
>
> To my knowledge, no one is working on such an initiative in SKS or any other
> keyserver.
>
> I believe LDAP is the only platform that presently can handle no-modify, but
> does keyserver.pgp.com even support it? I don't recall that it does.

It does not support it. With keyserver.pgp.com, it's sort of as if no-modify is always on, but in a limited sense: the keyserver will only allow new user IDs or a new key from the key owner (though enforced via "who can read email at your address", rather than cryptographically), but it allows anyone whose key is on keyserver.pgp.com to sign a key and send the update to the keyserver. So you can always sign someone else's key if you desire.

David