> If you can trick a user into importing a package that hinders > distribution of the keyblock
This should be prevented by client implementations, why would they ever import a non-verifying self-cert? > believes it gets uploaded to keyserver with the modified packet but at > that point it is rejected? Well, they obviously should check the upload hasn't been suppressed by other means :) - V _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel