[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PGP public key servers are NOT useful!
John Anonymous MacDonald writes:
> The problem with the PGP public key servers is that
> one has absolutely no control over what gets uploaded there in one's
> own name.
Thats why people are supposed to use the web of trust to check the
keys. You claim to make your key available by finger. How do you know
that Mallet isn't switching the bits as they go down the wire to your
correspondants? The only way to verify a key is to check known good
signatures on it. Because of this, no security is needed on key
storage facilities per se -- you aren't supposed to trust keys without
signatures.
Geesh. I thought this was obvious. I guess not.
Perry