So PGP are now running a pgp key server which attempts to consilidate the inforamtion from the existing key servers, but screen it by ability to receive email at the address.
So they send you an email with a link in it and you go there and it displays your key userid, keyid, fingerprint and email address. Then it says: | Please verify that the email address on this key, [EMAIL PROTECTED], | is your email address, and is properly configured to send and | receive PGP secured email. | | If the information is correct, click 'Accept'. By clicking 'Accept', | your key will be published to the directory, where other PGP users | will be able to retrieve it in order to encrypt messages to you and | verify signed messages from you. | | If this information is incorrect, click 'Cancel'. By clicking | 'Cancel', this key will not be published. You may then submit | another key with the correct information. So here's the problem: it does not mention anything about checking that this is your fingerprint. If it's not your fingerprint but it is your email address you could end up DoSing yourself, or at least perpetuating a imposter key into the new supposedly email validated keyserver db. (For example on some key servers there are keys with my name and email that are nothing to do with me -- they are pure forgeries). Suggest they add something to say in red letters check the fingerprint AND keyid matches your key. Adam
