Jonathan Wilkes writes: > Furthermore, couldn't I periodically query every publicly accessible > PGP keyserver (maybe do it in a distributed manner) to see who > signed what, and then mirror that web of trust with the keys I > control? > > Furthermore, couldn't I also upload keys with same name/email > addresses for any keys that existed before I started, lie about the > creation date, and work those into my hall of mirrors?
Micah Lee's OHM talk addressed these problems: https://program.ohm2013.org/event/113.html https://github.com/micahflee/trollwot https://github.com/micahflee/trollwot/blob/master/trollwot.pdf (It doesn't really propose solutions, just highlights the problems very well.) -- Seth Schoen <sch...@eff.org> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.