On 12/20/2016 07:41 PM, Daniel Kahn Gillmor wrote: > scenario (a) doesn't matter -- the keyservers simply won't propagate > that modified cert, which is fine, because it's not actually Alice's > self-sig anyway.
How wouldn't this matter? If you can trick a user into importing a package that hinders distribution of the keyblock , and then later on the user revokes the keyblock and believes it gets uploaded to keyserver with the modified packet but at that point it is rejected? -- ---------------------------- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk ---------------------------- Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 ---------------------------- Quidquid latine dictum sit, altum videtur. Anything said in Latin sounds profound
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel