Steve wrote on 7/31/11 10:52 AM:
> Hey Tim, Ignoramus, Charly et all, concerning spam: as a positive
> example take this mailing list. We
> require no sign-up process to write to this list and yet we only
> received 3-4 spam mails over the last year. Of course spammers could
> crawl key servers for mail addresses but that doesn't seems to have
> happened so far and I don't know if that is easily possible.
> And even if a spam problem should arise, there are filters that can
> bput to work in such a case.
>
> I personally prefer open and transparent then closed. But that is
> just me and does (of course) not apply to every aspect of my personal life.
>
> It does though apply to my public key.
>
> Cheers, steve
Thank you Steve for including me in the distribution of your e-mail.
I believe that public keys should be uploaded to a keyserver. That's why
they are public.
But it remains the sole privilege of the key owner to upload her/his
key, or not. I know many people who have not uploaded their key to a
keyserver, but sent it directly to persons whom they *trust* and wish to
maintain encrypted or signed e-mail correspondence.
It is not spam I am concerned when uploading a public key block to a
keyserver. Spammers who are really interested in harvesting e-mail
addresses will find their own way to achieve their goals and really do
not need the keyservers.
What I am concerned with is the possibility that ignorant or
ill-intended people will download my public key block to their computer,
and either sign it and upload it to a key server without my knowledge
(because they are *ignorant* of the GnuPG etiquette), or use the
information (User ID) to create their own key faking my identity
("man-in-the-middle").
The latter possibility (to fake my identity) is to be taken into
consideration, and the risk should be taken.
But I prefer to avoid the first possibility, i.e. having my key signed
and uploaded to a keyserver, without my invitation or knowledge, by some
one who is ignorant or oblivious of GnuPG etiquette.
As for requesting to expressly sign-up for a mailing list, I believe it
is good practice that should be enforced. Here too, it is the sole
privilege of the list owner/maintainer/moderator/mom to request
registration. GPGTools.org does not request registration, it is their
privilege.
Thank you for your attention and have a fine week,
Charly
_______________________________________________
gpgtools-users mailing list
[email protected]
FAQ: http://www.gpgtools.org/faq.html
Changes: http://lists.gpgtools.org/mailman/listinfo/gpgtools-users
Unsubscribe:
http://lists.gpgtools.org/mailman/options/gpgtools-users/[email protected]?unsub=Unsubscribe&unsubconfirm=1
This email sent to: [email protected]
