Use of public key servers

David Shaw dshaw at jabberwocky.com
Fri Apr 9 04:57:57 CEST 2004


On Thu, Apr 08, 2004 at 09:04:04PM -0500, Russell Valentine wrote:
> Hi,
> 
> I've posted my public key on a public key server a while ago. A friend 
> of mind was trying to explain to me that public key servers are useless 
> and bad. His arguments where:
> 
> 1) You can't prove a key from the public key server is really that 
> persons public key, you still have to validate it some way. So you can 
> get the key personally from that person in some way and at that time 
> validate the key. Instead of using the key even thought it might not be his.

All true.  However, note the existence of phone books and directory
assistance.  It is convenient to be able to look people up in one
place, rather than asking everyone for their key individually.

> 2) It allows evil people get to get data from the public key servers and 
> do malicious things with it (Such as spammers with email addresses, or 
> possibly know a username for a account on some server that hosts the email.)

Hasn't happened yet.  Isn't likely to happen for various technical
reasons, the simplest being that for a spammer, scraping addresses off
of the web or usenet is so trivial, why bother with something
difficult?

David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 330 bytes
Desc: not available
Url : /pipermail/attachments/20040408/9ac67ba8/attachment.bin


More information about the Gnupg-users mailing list