[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Very funny, Polyanna :-( [namespace pollution]
:Isn't this really just a special case of the more general problem of
:deciding which keys on a public key ring you're willing to trust?
:Perhaps your mailer script should automatically encrypt only when a
:keyid is found with a signature trail that you trust.
No, that's a totally separate problem. What I'm worried about is
some comedian publishing a public key for addresses like
"[email protected]" or any of the common mailing
gateways, and suddenly people using auto-encrypting mail programs
find that no-one can read their posts.
It kind of throws a spanner in the works for completely transparent
pgp shells.
:I do see a signature for that key from Miron Cuperman. Perhaps
:you'd want to modify your trust parameters for him...
That's not the point; someday soon people will be using mailers
that auto-pgp without them even realising it. I don't want to
have to hassle those people with interactive questions about whether
they trust someone, or force them to maintain personal lists of
bad addresses.
Whatever solution we can find will have to involve active support
from the keyservers I suspect. thoth@netcom - I hope you're
listening to this! There's a definite problem of a denial-of-service
attack here that the current scheme makes hard to avoid. Hence why
I called it 'namespace pollution' in the subject line.
G