PGP public key servers are NOT useful!

Perry E. Metzger perry at piermont.com
Thu Aug 8 14:01:41 PDT 1996



Amnesia Anonymous Remailer writes:
> The web of trust just certifies that the key belongs to someone.  If
> you'd read to the end of the message, you would have seen that I was
> not complaining about the key certification process in PGP.  At issue is
> NOT whether a key can be trusted to belong to someone, but whether or
> not random people should be able to tag others' PGP keys with crap.

You still don't get it, do you?

It doesn't matter what random idiots tag onto your key so long as
there is no trust path between the user of the key and the idiot who
tagged stuff on. If someone signs "grand wizard of the KKK" onto your
key, what do you care if no one trusts the signator who attached the
crap?

> What I want to prevent is some person I dislike uploading his
> signature on my key (particularly if he adds another ID to my key and
> signs that).

Why do you care?

> How would you like it if I added a new ID to your key containing sort
> of insult, certified that ID, and uploaded the new signature to the
> key servers.

I wouldn't give a flying rat's buttocks, because unless the signatures
are widely trusted the information is noise.

Perry






More information about the cypherpunks-legacy mailing list