Take it easy for a bit here... the key servers (by which I mean the PGP keyservers such as are run on toxicwaste.mit.edu and elsewhere) *don't provide any authentication*... all they provide is keys. If you trust a key because you got it from a key server, then you have perhaps misunderstood the concept of digital signatures -- you should be able to "validate" the key based on what's in it, not where you got it from.
Seems to me, MR EICHIN, that many people might be FLABBERGASTED to find out that people are using PGP key servers for PSEUDOSPOOFING. why is it that the policy that ANYTHING GOES is NOT MADE CLEAR in KEYSERVER POLICY DOCUMENTS?
the key servers (by which I mean the PGP keyservers such as are run on toxicwaste.mit.edu and elsewhere) *don't provide any authentication*
<gasp> I never noticed that name before... Perhaps this is what you think qualifies as your disclaimer...