[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP public key servers are NOT useful!

To: [email protected]
Subject: Re: PGP public key servers are NOT useful!
From: "Perry E. Metzger" <[email protected]>
Date: Wed, 07 Aug 1996 12:37:22 -0400
In-reply-to: Your message of "Mon, 05 Aug 1996 22:52:01 PDT." <[email protected]>
Reply-To: [email protected]
Sender: [email protected]

John Anonymous MacDonald writes:
> The problem with the PGP public key servers is that
> one has absolutely no control over what gets uploaded there in one's
> own name.

Thats why people are supposed to use the web of trust to check the
keys. You claim to make your key available by finger. How do you know
that Mallet isn't switching the bits as they go down the wire to your
correspondants? The only way to verify a key is to check known good
signatures on it. Because of this, no security is needed on key
storage facilities per se -- you aren't supposed to trust keys without
signatures.

Geesh. I thought this was obvious. I guess not.

Perry

Follow-Ups:
- Re: PGP public key servers are NOT useful!
  - From: Amnesia Anonymous Remailer <[email protected]>

References:
- PGP public key servers are NOT useful!
  - From: John Anonymous MacDonald <[email protected]>

Prev by Date: Oregen Vehicle Database on the Net
Next by Date: Re: Apple people on the li
Prev by thread: PGP public key servers are NOT useful!
Next by thread: Re: PGP public key servers are NOT useful!
Index(es):
- Date
- Thread