1994-05-26 - My 2.3a Key is listed as a 2.6 (Aaargh!)

Header Data

From: hughes@ah.com (Eric Hughes)
To: cypherpunks@toad.com
Message Hash: 98ee73b0c5fe8c513d6d6b8fc85d18655ef6a82a818871dcce8ef8c9d26320f9
Message ID: <9405261505.AA21318@ah.com>
Reply To: <9405260835.AA24935@toad.com>
UTC Datetime: 1994-05-26 15:00:08 UTC
Raw Date: Thu, 26 May 94 08:00:08 PDT

Raw message

From: hughes@ah.com (Eric Hughes)
Date: Thu, 26 May 94 08:00:08 PDT
To: cypherpunks@toad.com
Subject: My 2.3a Key is listed as a 2.6 (Aaargh!)
In-Reply-To: <9405260835.AA24935@toad.com>
Message-ID: <9405261505.AA21318@ah.com>
MIME-Version: 1.0
Content-Type: text/plain


   Maybe  we should request to remove our keys?

Unfortunately, it wouldn't do much good.  The keyservers have no
exclude list, so even if they removed it, someone could reload it back
onto the keyserver and it would reappear.

This flaw is not, at root, a flaw with the keyservers but a flaw with
the key distribution in PGP.  You can't have a public key be anything
other than completely public, that is, you can't restrict the
distribution of a key in any way.

Why might not a key be made public?  The publication of a key sends a
message, and the message is this: "An identity of this name exists".
If you're worried about traffic analysis, you might well also be
concerned that there is knowledge that a particular key is being used
at all.  If you don't want everybody to be able to verify your
signatures, but wish to select those who may, PGP offers facility for
this.  There is no way to represent this desire syntactically and no
way to enforce the desire.

Why might not one want a key distributed?  It indicates use of
cryptography, for one, and, perhaps, the use of patent-infringing
cryptography.

Eric





Thread