PGP public key servers are NOT useful!

Perry E. Metzger perry at piermont.com
Wed Aug 7 16:44:08 PDT 1996



John Anonymous MacDonald writes:
> The problem with the PGP public key servers is that
> one has absolutely no control over what gets uploaded there in one's
> own name.

That's why people are supposed to use the web of trust to check the
keys. You claim to make your key available by finger. How do you know
that Mallet isn't switching the bits as they go down the wire to your
correspondents? The only way to verify a key is to check known good
signatures on it. Because of this, no security is needed on key
storage facilities per se -- you aren't supposed to trust keys without
signatures.

Geesh. I thought this was obvious. I guess not.

Perry
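
The check described in the message above, as an added example that is not part of the original post: a key fetched from unauthenticated storage is accepted only if it carries a valid signature from an introducer whose public key the verifier already holds. The introducer "trent", the user id alice@example.org, the record layout and the toy textbook-RSA signatures (standing in for real PGP signatures, and not secure) are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below

def keypair(p, q):
    """Toy textbook RSA from two known Mersenne primes: illustration only, not secure."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(uid, pub, n):
    """Hash the binding (user id, key material), reduced into the signer's modulus."""
    h = hashlib.sha256(f"{uid}|{pub[0]}|{pub[1]}".encode()).digest()
    return int.from_bytes(h, "big") % n

def certify(signer_priv, uid, pub):
    n, d = signer_priv
    return pow(digest(uid, pub, n), d, n)

def cert_ok(signer_pub, uid, pub, sig):
    n, e = signer_pub
    return pow(sig, e, n) == digest(uid, pub, n)

def trusted_keys(server, uid, introducers):
    """Keys the server lists for uid that carry a valid signature from an introducer
    whose public key we already hold; everything else on the server is ignored."""
    good = []
    for rec in server:
        if rec["uid"] == uid and any(
            name in introducers and cert_ok(introducers[name], uid, rec["pub"], sig)
            for name, sig in rec["sigs"]
        ):
            good.append(rec["pub"])
    return good

def demo():
    trent_pub, trent_priv = keypair(2**61 - 1, 2**89 - 1)
    alice_pub, _ = keypair(2**31 - 1, 2**61 - 1)
    mallet_pub, mallet_priv = keypair(2**107 - 1, 2**127 - 1)
    uid = "alice@example.org"  # constructed user id
    real_sig = certify(trent_priv, uid, alice_pub)
    server = [  # unauthenticated storage: anyone can upload any record
        {"uid": uid, "pub": alice_pub, "sigs": [("trent", real_sig)]},
        {"uid": uid, "pub": mallet_pub, "sigs": [("mallet", certify(mallet_priv, uid, mallet_pub))]},
        {"uid": uid, "pub": mallet_pub, "sigs": [("trent", real_sig)]},  # signature copied onto another key
        {"uid": uid, "pub": (alice_pub[0] ^ 1, E), "sigs": [("trent", real_sig)]},  # bits switched on the wire
    ]
    return server, {"trent": trent_pub}, alice_pub

if __name__ == "__main__":
    server, introducers, alice_pub = demo()
    print(trusted_keys(server, "alice@example.org", introducers) == [alice_pub])
```

Of the four records stored under the same name, only the one whose key material matches the introducer's signature is returned; with no trusted introducer key, nothing is.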





