On 12/16/2011 10:51 AM, gn...@lists.grepular.com wrote: > I understand that once you've uploaded something to the keyservers, it > can't be removed. Eg, if I sign someone elses key and upload that, it > will be attached to their key permanently?
yes, this is correct. :( > What if someone were to generate say, 10,000 keypairs with "offensive" > uid names, and then sign my key with each of them, and then upload that > to the keyservers? Is there anything to stop that? nope. flooding like this is currently possible. :( > Is there anything to > stop a spammer generating a key with their URL in the uid name and then > signing every key they can find and uploading that to the keyservers? nope, this is also possible. :( > Has anything like this happened before? well, there's the JBARSE key, which i vaguely recall having been created in a joking way to threaten character assassination, but i can't find any keys that it has actually signed, nor any documentation to explain why i have this recollection, so please take with a grain of salt. --dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users