Modified user ids and key servers and a possible security risk?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Aug 26 01:50:07 CEST 2010
On 08/25/2010 07:45 PM, Chris Knadle wrote:
> There's a problem with this idea, which is that there's no opportunity to
> notify the client that there was a problem if the check is done /later/. If
> instead the computation is done at the time of the uploaded modification, then
> there's an opportunity for the server to notify the gpg client that there was
> a problem.
there's also a question of how it would affect the gossip protocol (that
is, server-to-server, not client-to-server), if one party declines to
accept some certifications.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 892 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100825/5f221005/attachment.pgp>
More information about the Gnupg-users
mailing list