* Jonathan Wilkes: > If I were so inclined couldn't I periodically query every > publicly accessable PGP keyserver (maybe do it in a distributed > manner) and upload a new key with the same name/email address as what > was added since the last time I checked?
Yes, key servers generally do not try to build a web of trust, so they cannot weed out bad keys. This is supposed to happen on the clients, but the UI for that is generally poor, and obviously this doesn't scale in the face of a concerted attack. -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
