On 2004-12-16T05:50:22-0500, Adam Back wrote:
> 
> So PGP are now running a pgp key server which attempts to consolidate
> the inforamtion from the existing key servers, but screen it by
> ability to receive email at the address.
> ...
> So here's the problem: it does not mention anything about checking
> that this is your fingerprint.

What about the fact that they're tying key validity to valid email
addresses, when the two have nothing to do with each other?  A key does
not need to have an associated email address, or the latter could be
purposely incorrect.

If this is their idea of key verification, they're going to exclude
perfectly legitimate keys from this new database.

Reply via email to