1993-11-17 - Re: Key Servers

Header Data

From: “L. Detweiler” <ld231782@longs.lance.colostate.edu>
To: “Mark W. Eichin” <eichin@paycheck.cygnus.com>
Message Hash: 7e079f7492a16ebc3c5a2385c7bdad28996393db0c776326ea8986412adf97f8
Message ID: <9311170445.AA26434@longs.lance.colostate.edu>
Reply To: <9311140602.AA03621@paycheck.cygnus.com>
UTC Datetime: 1993-11-17 04:46:00 UTC
Raw Date: Tue, 16 Nov 93 20:46:00 PST

Raw message

From: "L. Detweiler" <ld231782@longs.lance.colostate.edu>
Date: Tue, 16 Nov 93 20:46:00 PST
To: "Mark W. Eichin" <eichin@paycheck.cygnus.com>
Subject: Re: Key Servers
In-Reply-To: <9311140602.AA03621@paycheck.cygnus.com>
Message-ID: <9311170445.AA26434@longs.lance.colostate.edu>
MIME-Version: 1.0
Content-Type: text/plain


>Take it easy for a bit here... the key servers (by which I mean the
>PGP keyservers such as are run on toxicwaste.mit.edu and elsewhere)
>*don't provide any authentication*... all they provide is keys. If you
>trust a key because you got it from a key server, then you have
>perhaps misunderstood the concept of digital signatures -- you should
>be able to "validate" the key based on what's in it, not where you got
>it from.

Seems to me, MR EICHIN, that many people might be FLABBERGASTED to find
out that people are using PGP key servers for PSEUDOSPOOFING.

Why is it that the policy that ANYTHING GOES is NOT MADE CLEAR in
KEYSERVER POLICY DOCUMENTS?

>the key servers (by which I mean the
>PGP keyservers such as are run on toxicwaste.mit.edu and elsewhere)
>*don't provide any authentication*

<gasp> I never noticed that name before... Perhaps this is what you
think qualifies as your disclaimer...




