Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. GnuPG>
  3. users
Key server question
lhecking at nmrc
Dec 8, 1999, 11:57 AM
Post #1 of 2 (491 views)
Permalink
I installed GPG a few months ago and created a test key, mainly to
play around with.

To my big surprise, I discovered today that this key is now on the
key servers! How did it get there?

Does the keyserver directive in ~/.gnupg/options go both ways, or should
I assume that one of the individuals I made my key available to under
the condition not to publicise it did just that? Maybe accidentally?

There is no harm in my key being there, I'm just wondering how it
got there.
Re: Key server question [ In reply to ]
wk at gnupg
Dec 8, 1999, 12:36 PM
Post #2 of 2 (474 views)
Permalink
On Wed, Dec 08, 1999 at 06:57:41PM +0000
Lars Hecking wrote:

> Does the keyserver directive in ~/.gnupg/options go both ways, or should
> I assume that one of the individuals I made my key available to under
> the condition not to publicise it did just that? Maybe accidentally?

Probably yes.

ObenPGP has a flag defined that only the holder of a key is allowed to
upload the key to a keyserver and GnuPG sets this flag. However, the
HKP Server (pgp.net) do not have a way to check it.

Pretty nice DoS: Create some hundred keys with a friends name and
uplod them to the servers. If someone wnats to get your firends key
he will have some problems to figure out the right one.


--
Werner Koch at guug.de www.gnupg.org keyid 621CC013

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal