PGP global directory cruft in keyservers
Henrik O A Barkman
h-bar at skenbe.net
Wed Sep 7 17:22:22 CEST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>To my knowledge, the PGP GD doesn't sync with anyone. It would be
>>interesting to know how/where these signatures are leaking into the
>>keyserver net.
>
> Probably some PGP users who are "automagically" synchronising their
> entire keyrings with multiple keyservers, leaking keys that their owners
> would rather not have on the keyservers in the process :(
That would have to be very zealous users, since I once found PGP GD signatures
on one of my keys when I checked it on the SKS network. At the time, that key
was known only by me, the SKS servers and the PGP GD.
What users would download keys at random?
- --
$\hbar$ -- http://skenbe.net/h-bar/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDHwWtQbA0YmDQIJURAr/1AKDMRnrldVIXflsE0V49HB6KQDUeIwCfWcyp
jKE0IuwyLm9ma58R0OmDxWM=
=SRF3
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list