This IS about GD - a proposal on dealing with the problem
Alphax
alphasigmax at gmail.com
Sun Sep 11 09:12:52 CEST 2005
Zeljko Vrba wrote:
> Pawel Shajdo wrote:
>
>>I think this is public more keyservers design problem than GD. Keyserver
>>should accept new signatures only from key owner.
>>
>
>
> Hm, maybe to define a "key upload format" which must be signed with the
> uploaded key itself (analogon of PKCS#10)? Of course, the public key
> itself should have some flag set to "signed upload only" so that the
> server doesn't accept it without the corresponding signature.
>
However, the keyserver would then have to verify the signature of the
uploading key... how much of an extra burden would this be?
--
Alphax | /"\
Encrypted Email Preferred | \ / ASCII Ribbon Campaign
OpenPGP key ID: 0xF874C613 | X Against HTML email & vCards
http://tinyurl.com/cc9up | / \
More information about the Gnupg-users
mailing list