after looking at the deluid some more, found that any user's uid can be deleted from the public key, and that this appears to be OpenPGP behavior.

this can be useful when someone has many outdated uids, and the user wants only the one with the current 'real' e-mail address, and wants to delete all the other ones.

still, this could lead to some abuse, since a user could intentionally delete the 'real' uid from someone's public key, leave an outdated one, and either publicly post the key, or upload that key to a new keyserver that did not have it before, and an unsuspecting user, verifying that key with its signatures and fingerprint, receives misleading information about the key.

wouldn't it be better where the deluid could be 'local only/non-exportable' for user convenience, but would require a key-owner to make deletions?

(obviously cannot be implemented retro-actively, but maybe whenever the keyserver system is modified, it might be another issue to consider)

tia,
vedaal

_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
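An added example (not part of the post above and not GnuPG code) of a check for the situation described: a v4 fingerprint is a SHA-1 hash over the primary key packet alone, so a copy with a user ID removed keeps the same fingerprint, and comparing its user ID set against a copy obtained from the key owner shows the difference. The function names and the sample key bytes are constructed for illustration; only v4 keys in binary (non-armored) form are handled.

```python
import hashlib

def packets(data):
    """Yield (tag, body) for each OpenPGP packet (RFC 4880, section 4.2)."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths are not handled")
        else:  # old-format header: length field is 1, 2 or 4 octets
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not handled")
            length, i = int.from_bytes(data[i:i + (1 << ltype)], "big"), i + (1 << ltype)
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def summarize(key):
    """Return (v4 fingerprint of the primary key, set of user ID strings)."""
    fpr, uids = None, set()
    for tag, body in packets(key):
        if tag == 6 and body[:1] == b"\x04":
            # RFC 4880 12.2: SHA-1 over 0x99, 2-octet length, key packet body; no user IDs.
            fpr = hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()
        elif tag == 13:
            uids.add(body.decode("utf-8", "replace"))
    return fpr, uids

def missing_uids(reference, fetched):
    """User IDs in the reference copy that the fetched copy lacks; None if the keys differ."""
    (fa, ua), (fb, ub) = summarize(reference), summarize(fetched)
    return sorted(ua - ub) if fa and fa == fb else None

def pkt(tag, body):  # builds the constructed sample below: old-format, 1-octet length
    return bytes([0x80 | (tag << 2), len(body)]) + body
KEY = pkt(6, bytes.fromhex("043b9aca00010010c35b0011010001"))  # constructed, not a usable key
UIDS = [pkt(13, b"Alice Example <alice@old.example>"), pkt(13, b"Alice Example <alice@current.example>")]
REFERENCE, FETCHED = KEY + UIDS[0] + UIDS[1], KEY + UIDS[0]
```

For real keys, the binary input can be produced with `gpg --export`; signature packets in the export are skipped by this check.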
