On 08/22/2010 03:54 AM, C.J. Adams-Collier KF7BMP wrote: > On Sat, 2010-08-21 at 22:37 +0200, Christoph Anton Mitterer wrote: >> On Mon, 2010-08-09 at 12:54 -0400, C.J. Adams-Collier wrote: >>> Cool. Could you sign something for me so's I have a relatively strong >>> indication that you own the pub key I will associate with the server? >>... >> What I did,... and what should be even a better prove that the key >> belongs to the owner of the server is: >> >> I've added a file at: >> http://scientia.net/adams-collier.keyinfo >> which contains the fingerprint + my name. >> ... > No. And I advise all others to avoid peering with you until you can > prove that you own the private key that will be associated with the > keyserver.
Why? Keys and certificates identify persons, not ownership of a server. Whether or not you trust the signers of the key or certificate is up to you. For the server, all he can do is prove he has sufficient access rights (which he offered and is also inherent to modifying the membership file). Or you can contact the domain owner offline (using WHOIS information). But then, why won't you peer with an anonymously operated server? In some countries that might be necessary. After all, each public key a key server provides, should initially be regarded as 'untrusted'. The only thing I'm interested in is if the server is operated by a sufficiently skilled administrator. Something certificates won't tell. > http://apps.leg.wa.gov/rcw/default.aspx?cite=19.34.210 This is a national law / ruling applicable to just one country. It is useless in the rest of the world (ref. art. 3a, for example) and not applicable to PGP-keys, as they are not depending on a certification authority to be valid for the user. Arnold
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel