On Fri, 8 Jul 2016 09:49, [email protected] said: > with someone injecting the evil32 keys into the keyserver network it will > only be a matter of time until someone signs one of these by accident.
I can't see how someone can accidentally sign a key. We do that key signing abracadabra for more than 2 decades and all clients I have seen make it pretty clear that you need to compare the fingerprint. If you believe that someone does not check the fingerprint of a key before they sign it, you should definitely set their ownertrust to _never_. This way keys they sign are not considered in the WoT. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. /* Join us at OpenPGP.conf <https://openpgp-conf.org> */
