On Jan 27, 2012, at 8:52 PM, John Clizbe wrote:

> Peter Lebbing wrote:
> 
>> And a curious person with a mean streak might sign a key with an obscured
>> e-mail address with a signature saying "this is the key for
>> expires2...@rocketmail.com"
>> }:-]. Which is verifiable by hashing the e-mail address. And once "keyserver
>> no-modify" is implemented, he'll create a website with a dump of all the
>> unobscured e-mail addresses, just because he can. He's like that once he sees
>> something that's obscured but not really blinded.
> 
> Having keyservers support no-modify requires that they first support crypto.
> That's a really big step.
> 
> To my knowledge, no one is working on such an initiative in SKS or any other
> keyserver.
> 
> I believe LDAP is the only platform that presently can handle no-modify, but
> does keyserver.pgp.com even support it? I don't recall that it does.

It does not support it.  With keyserver.pgp.com, it's sort of as if no-modify 
is always on, but in a limited sense: the keyserver will only allow new user 
IDs or a new key from the key owner (though enforced via "who can read email at 
your address", rather than cryptographically), but it allows anyone whose key 
is on keyserver.pgp.com to sign a key and send the update to the keyserver.  So 
you can always sign someone else's key if you desire.

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
