[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Key Servers



>Take it easy for a bit here... the key servers (by which I mean the
>PGP keyservers such as are run on toxicwaste.mit.edu and elsewhere)
>*don't provide any authentication*... all they provide is keys. If you
>trust a key because you got it from a key server, then you have
>perhaps misunderstood the concept of digital signatures -- you should
>be able to "validate" the key based on what's in it, not where you got
>it from.

Seems to me, MR EICHIN, that many people might be FLABBERGASTED to find
out that people are using PGP key servers for PSEUDOSPOOFING.

why is it that the policy that ANYTHING GOES is NOT MADE CLEAR in
KEYSERVER POLICY DOCUMENTS?

>the key servers (by which I mean the
>PGP keyservers such as are run on toxicwaste.mit.edu and elsewhere)
>*don't provide any authentication*

<gasp> I never noticed that name before... Perhaps this is what you
think qualifies as your disclaimer...