Several questions as feedback on gnupg

Mark Brown broonie@sirena.org.uk
Wed Jan 23 19:21:01 2002


On Wed, Jan 23, 2002 at 04:45:10PM +0100, Loic Bernable wrote:

> - I've been told the different running keyservers do not support the
>   deletion of a uid. Can anyone confirm this point? Where can I
>   find the latest version of the keyserver software used at this time?

If you think about it, you don't want to delete the UID anyway - removing
it from the keyservers does nothing to invalidate copies in people's
keyrings.  Uploading a revocation certificate for the UID and
distributing it does that.

> - A friend of mine pointed out the problem that may occur with persons
>   who have a common name and surname. Let's suppose your name is "John Doe
>   jd@yahoo.com". Now, imagine there is another John Doe, who generates
>   a GnuPG key with *your* email address. If someone meets the latter,
>   they could check his ID or driving license or whatever, but finally
>   there would be no way for him to know it is *not* the John Doe related
>   to the "jd@yahoo.com" address, and worse, John "Charlie" Doe's key
>   would be legitimately signed by the third person, not yours. Is that
>   clear enough? :o) This can still be a problem ... Maybe one day we
>   will have a thumbprint analysis tool that would complete our public
>   key recording?

When validating the user ID you should validate the whole of the user
ID, including the e-mail address portion.  Methods like showing that 
encrypted mail to the e-mail address in the UID can be read could be
used.

-- 
"You grabbed my hand and we fell into it, like a daydream - or a fever."
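
An added illustration of the two points in the reply above (it is not part of the original message or of GnuPG): a signer-side helper that reads `gpg --with-colons` output, skips UIDs carrying a revocation, and tracks one random challenge per remaining e-mail address so a UID is certified only after the encrypted challenge comes back. The sample listing, fingerprint and function names are constructed for this example; encrypting and mailing the nonce is left to the caller.

```python
import hmac
import re
import secrets

FPR = "0" * 24 + "A" * 16  # constructed placeholder fingerprint, not a real key
# Constructed sample in the `gpg --with-colons --list-keys` record format.
SAMPLE_LISTING = f"""\
pub:-:1024:17:{FPR[-16:]}:1011744000:::-:::scESC:
fpr:::::::::{FPR}:
uid:-::::1011744000::HASH1::John Doe <jd@example.org>:
uid:r::::1011744000::HASH2::John Doe <old@example.org>:
uid:-::::1011744000::HASH3::John Doe (no address):
"""
ADDR = re.compile(r"<([^<>@\s]+@[^<>@\s]+)>\s*$")


def challengeable_uids(listing):
    """Return (fingerprint, uid, email) for every non-revoked UID with an address."""
    fingerprint, found = None, []
    for line in listing.splitlines():
        rec = line.split(":")
        if len(rec) < 10:
            continue
        if rec[0] == "pub":
            fingerprint = None            # a new key block starts here
        elif rec[0] == "fpr" and fingerprint is None:
            fingerprint = rec[9]          # first fpr after pub is the primary key
        elif rec[0] == "uid" and rec[1] != "r":   # validity "r" = revoked UID
            match = ADDR.search(rec[9])   # colon-format escapes are not decoded here
            if match and fingerprint:
                found.append((fingerprint, rec[9], match.group(1).lower()))
    return found


def issue_challenges(listing):
    """One nonce per (key, address): encrypt it to that key, mail it to that address."""
    return {(fpr, email): secrets.token_hex(16)
            for fpr, _uid, email in challengeable_uids(listing)}


def uid_confirmed(challenges, fpr, email, reply):
    """True only if the reply carries the nonce issued for this key and address."""
    expected = challenges.get((fpr, email.lower()))
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), reply.strip().encode())
```

A correct reply shows that whoever reads mail at that address also holds the private key; it says nothing about the name portion of the UID, which still needs the in-person check.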