On Apr 15, 2009, at 8:35 AM, Chris Hills wrote:
On 14/04/09 14:32, Werner Koch wrote:
No. The Net never forgets. A keyservers will never remove
signatures
because signatures go into the key validation computation and thus
removing signatures would change the validity of your key.
Signatures
are also used for revocations.
Hypothetically, if a key is signed using another key which contains
a jpg image of something illegal in the keyserver's location, what
then? It would seem to me that the only option would be to remove
the keyserver from the keyserver network.
Yes, this has been pointed out in the past. The attack that I came up
with was a bit different - use the keyserver net as your porn/warez/
kiddie porn/etc distribution point. Just upload keys with whatever
you like embedded in them. The keyserver net takes care of
distribution for you, and your "customers" can download your material
from whichever keyserver they like (or run their own keyserver and get
content synced to them on a regular basis).
David
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
