Hello, Through my searches online and looking at g10/getkey.c, it seems that when multiple keys exist with the same name/email/etc., gpg will use the first one that it finds in the database. Is this correct?
If so, suppose an attacker inserted a fake key with my details into an HKP keyserver. What should I do? Keys could be returned in any order, and HKP gives no indication of when they were last updated, so the client can't separate them that way. Is there an obvious way to deal with this that I'm missing, or once a false key is uploaded is it game-over, and I just have to hope that people will be able to work out which is which through other means? Apologies if this is covered in the documentation and I have failed to find it in my reading. Thanks, Lachlan
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users