-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 From: "Stefan Kelm" <[EMAIL PROTECTED]> > This is of particular danger when it comes to keyservers, since the key > information itself is usually considered as highly trustworthy.
Absolutely not. Keyservers are wide open public repositories. They can, and do, contain arbitrary garbage. Users should only trust material that they can verify through signatures or direct contact. Moreover, clients should only be generating well-formed URLs for key lookups. What am I missing? -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQA/AwUBPMRMGVMkvpTT8vCGEQKSRQCgi3Uvj/w4wAtFsBzM0Yt+CglxTj0AoNCj vADEMPSTqze3uqdKfLUp3JyT =IXGp -----END PGP SIGNATURE-----
