[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Key Servers

To: "Mark W. Eichin" <[email protected]>
Subject: Re: Key Servers
From: "L. Detweiler" <[email protected]>
Date: Tue, 16 Nov 93 21:45:30 -0700
Cc: [email protected], [email protected]
In-Reply-To: Your message of "Sun, 14 Nov 93 01:02:05 EST." <[email protected]>

>Take it easy for a bit here... the key servers (by which I mean the
>PGP keyservers such as are run on toxicwaste.mit.edu and elsewhere)
>*don't provide any authentication*... all they provide is keys. If you
>trust a key because you got it from a key server, then you have
>perhaps misunderstood the concept of digital signatures -- you should
>be able to "validate" the key based on what's in it, not where you got
>it from.

Seems to me, MR EICHIN, that many people might be FLABBERGASTED to find
out that people are using PGP key servers for PSEUDOSPOOFING.

why is it that the policy that ANYTHING GOES is NOT MADE CLEAR in
KEYSERVER POLICY DOCUMENTS?

>the key servers (by which I mean the
>PGP keyservers such as are run on toxicwaste.mit.edu and elsewhere)
>*don't provide any authentication*

<gasp> I never noticed that name before... Perhaps this is what you
think qualifies as your disclaimer...

Follow-Ups:
- Re: Key Servers
  - From: Derek Atkins <[email protected]>

References:
- Key Servers
  - From: "Mark W. Eichin" <[email protected]>

Prev by Date: Re: Should we oppose the Data Superhighway/NII?
Next by Date: Quarantining Toxic Waste
Prev by thread: Key Servers
Next by thread: Re: Key Servers
Index(es):
- Date
- Thread