[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pgp-keyserver-folk
Subject:    Re: [PGP-USERS] Strange Occurrence
From:       Ingmar Camphausen <ingmar () pca ! dfn ! de>
Date:       2000-04-14 14:28:32
[Download RAW message or body]

Dave Del Torto wrote on 2000-04-03:

> At 10:22 am -0500 2000-04-02, Peg N McCuaig wrote:
> >Is there any way that a keyserver could send a confirmation message
> >(much like listservs send requests for confirmation) to the address
> >included in the key prior to putting the key on the server? This would
> >stop a key from being added from someone who isn't sure about it, but
> >would also stop someone forging a key to someone's email.
> 
> Everyone please note Peg's suggestion. Non-trivial to implement,
> given the staleness of the addresses on most keys, and I still prefer
> owner-only updates to the keydb, but FWIW, this is an idea worth
> a few moments' discussion at the upcoming Symposium in the NL.

Let me add another related point for the discussions agenda:

If key/userID updates are to be approved by the key holder,
the synchronisation between the keyservers would have to be 
authenticated and integrity-protected in order to prevent
fraudulus or erraneous updates with un-approved keys/userIDs!

(Or the update would have to be approved for every server that
participates in the sync'ing -- but that would not be a realistic
alternative...)

	Ingmar

-- 
Ingmar Camphausen                                ingmar@pca.dfn.de
DFN-PCA                PGP key available on server or upon request
Vogt-Koelln-Str. 30                         http://www.pca.dfn.de/
D-22527 Hamburg, Germany            +49.40.42883-2262 / Fax: -2241

[prev in list] [next in list] [prev in thread] [next in thread]