On 8/25/10 12:58 PM, Daniel Kahn Gillmor wrote: > > On balance, i think we should probably start considering adding crypto > to keyservers, with the knowledge of these particular constraints. But > it's not there yet. > > As always, i'd be happy to hear other people's perspectives on this stuff. >
Since this has come up a few times in the past months, I guess I'm curious as to what the correct 'round-one' implementation of cryptographically enabled key-servers would would be. Is it: (1) Verifying that the keydata hasn't been tampered with, like editing in a hex editor? (2) Only accepting keydata that has been signed by the key owner? (3) Possibly accepting keydata signed by trusted keys, for example peer keyservers that that also perform the same verifications? (4) Possibly saving the signature as well, so peer keyservers can optionally perform the same verification at step (2) when you sync? ? Or am I totally off base here? -- Grant "I am gravely disappointed. Again you have made me unleash my dogs of war."
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
