[prev in list] [next in list] [prev in thread] [next in thread]
List: pgp-keyserver-folk
Subject: Re: [PGP-USERS] Strange Occurrence
From: Ingmar Camphausen <ingmar () pca ! dfn ! de>
Date: 2000-04-14 14:28:32
[Download RAW message or body]
Dave Del Torto wrote on 2000-04-03:
> At 10:22 am -0500 2000-04-02, Peg N McCuaig wrote:
> >Is there any way that a keyserver could send a confirmation message
> >(much like listservs send requests for confirmation) to the address
> >included in the key prior to putting the key on the server? This would
> >stop a key from being added from someone who isn't sure about it, but
> >would also stop someone forging a key to someone's email.
>
> Everyone please note Peg's suggestion. Non-trivial to implement,
> given the staleness of the addresses on most keys, and I still prefer
> owner-only updates to the keydb, but FWIW, this is an idea worth
> a few moments' discussion at the upcoming Symposium in the NL.
Let me add another related point for the discussions agenda:
If key/userID updates are to be approved by the key holder,
the synchronisation between the keyservers would have to be
authenticated and integrity-protected in order to prevent
fraudulus or erraneous updates with un-approved keys/userIDs!
(Or the update would have to be approved for every server that
participates in the sync'ing -- but that would not be a realistic
alternative...)
Ingmar
--
Ingmar Camphausen ingmar@pca.dfn.de
DFN-PCA PGP key available on server or upon request
Vogt-Koelln-Str. 30 http://www.pca.dfn.de/
D-22527 Hamburg, Germany +49.40.42883-2262 / Fax: -2241
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic