[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: mailing list pgp signatures...

Hash: SHA1

On 07/13/09 14:21, quoth Mikkel L. Ellertson:

> You know, there is a simple fix to this - someone that has G's
> public key could upload it to a keyserver. <evil>Now, if someone
> wanted to be nasty, they could upload a fake public key with his
> email address. Then if there is anything to SPAMmers mining the
> keyservers for e-mail addresses, the would get the flood of SPAM
> anyway.</evil>

Two wrongs don't make a right. Another established part of the etiquette is to
never upload someone else's key without explicit permission. Lots of
keyservers don't do subkeys and you don't really have the implicit permission
to overwrite signatures on those machines. To do so would be at least as rude
as not publishing a public key that's needed to verify a signature in a public
mailing list.

- --
Time flies like the wind. Fruit flies like a banana. Stranger things have  .0.
happened but none stranger than this. Does your driver's license say Organ ..0
Donor?Black holes are where God divided by zero. Listen to me! We are all- 000
individuals! What if this weren't a hypothetical question?
steveo at syslang.net
Version: GnuPG v2.0.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]