[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] About deleting keys
|
From: |
Kristian Fiskerstrand |
|
Subject: |
Re: [Sks-devel] About deleting keys |
|
Date: |
Tue, 29 Oct 2013 23:15:05 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 10/29/2013 11:04 PM, dirk astrath wrote:
> Hello Kristian,
>
...
.
>
>>> If there is no private key needed and no verification done
>>> everybody can generate keys with every combination of name and
>>> email-adress, generated at random dates and upload them to the
>>> keyservers. And if everybody is able to generate and publish
>>> fake keys everybody can build up fake web of trust.
>> This is why you have key validation requirements and
>> signatures/certification. The existence of a key doesn't bind
>> that key to a specific individual, no matter what the UID says.
>
> Wrong ... the unique email-adress is the problem .. which is
> usually in the UID of the key.
>
This isn't too relevant from a security perspective wrt a "fake web of
trust" but seems more like a response wrt privacy questions. Keys have
to be validated (typically involving certification) before use!
- --
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
Bene diagnoscitur, bene curatur
Something that is well diagnosed can be cured well
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.0-beta255 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJScDNpAAoJEAt/i2Dj7frjIUkP/1W8ATAQvJQDWoXY+lasL3Df
jWgtMQXtzXjCUdVrZp1Uzkwi6U764GU8vPIf1kp7+yyuAOO2jW8wsgaY1ZbWXAkF
w6ZiYoXSRB3tqTDPTpHvOlamxAya017hjbHGYWEp352fEXd/J9N4WkPf2H7npYAk
2oJyXe09K9VuUrtNS6vXOQ9Dneycwch8pqfNVnlNloWLuOsZ+u0iHgSaOO1UlQnd
ENkAxwEdlOXFbjfFMjpWoGSLVpYQjWm4RnC9DKSwAEGL2wCIqcZURLpvMLOr7wuK
PkvrXwpkGgwYu5nMuOwHOMsWNXBSLfIUb4D+3Drdh8SNZE89SgWzBkZZvivo05E1
BEeXtNTqIzyp87xsYGW1z3N6qomFA9Ll02ZwJkPC0wet97qxdD84+qp+yKmSBFt7
6wLTApNF67MHeDRCz9O3uJ/FGkobZ8w0avyr4h9Djal5ami7iLjq5tk1nfFFOIHj
7USNT7tBZ48Ud8AUGjUxyzD38YwMcVIUV79fh2QBY7hGHhQa9QyQEO3WXyNEDyAV
PKAow3hTYG07zAgb59Yb5vTSsqZUfpFcg/FpL4SnpR1WPz5vUcQjNCHp98mB6Qaa
Any73qvEMSfE4Lq1I96Hki96/5t2i3AWDrV5qJaB/wiTZEYlQVZLl4fp/AWqXZ3r
twEXpRNPEpKzsJPTTMrH
=//3J
-----END PGP SIGNATURE-----
- [Sks-devel] About deleting keys, Kiss Gabor (Bitman), 2013/10/29
- Re: [Sks-devel] About deleting keys, Arnold, 2013/10/29
- Re: [Sks-devel] About deleting keys, David Benfell, 2013/10/29
- Re: [Sks-devel] About deleting keys, Kiss Gabor (Bitman), 2013/10/29
- Re: [Sks-devel] About deleting keys, Kristian Fiskerstrand, 2013/10/29
- Re: [Sks-devel] About deleting keys, Arnold, 2013/10/29
- Re: [Sks-devel] About deleting keys, Kristian Fiskerstrand, 2013/10/29
- Re: [Sks-devel] About deleting keys, dirk astrath, 2013/10/29
- Re: [Sks-devel] About deleting keys, Kristian Fiskerstrand, 2013/10/29
- Re: [Sks-devel] About deleting keys, dirk astrath, 2013/10/29
- Re: [Sks-devel] About deleting keys,
Kristian Fiskerstrand <=
- Re: [Sks-devel] About deleting keys, dirk astrath, 2013/10/29
- Re: [Sks-devel] About deleting keys, Kristian Fiskerstrand, 2013/10/29
- Re: [Sks-devel] About deleting keys, Arnold Schekkerman, 2013/10/30
- Re: [Sks-devel] About deleting keys, Arnold, 2013/10/29
- Re: [Sks-devel] About deleting keys, Kristian Fiskerstrand, 2013/10/29
- Re: [Sks-devel] About deleting keys, Arnold, 2013/10/29
- Re: [Sks-devel] About deleting keys, Kristian Fiskerstrand, 2013/10/29
Re: [Sks-devel] About deleting keys, Johan van Selst, 2013/10/30