1994-12-15 - No Subject

Header Data

From: ddt@lsd.com
To: N/A
Message Hash: cab4fe254cb39930ab17125f4860c84ce6e8dbbd6b1593229bf5afbdd9985fcb
Message ID: <ab15b73c07021003cae9@[]>
Reply To: N/A
UTC Datetime: 1994-12-15 14:55:18 UTC
Raw Date: Thu, 15 Dec 94 06:55:18 PST

Raw message

From: ddt@lsd.com
Date: Thu, 15 Dec 94 06:55:18 PST
Subject: No Subject
Message-ID: <ab15b73c07021003cae9@[]>
MIME-Version: 1.0
Content-Type: text/plain

X-PGP Key ID: 4AAF00E5
X-PGP Fprint: 30D81F3484E6A83F 6EC8D7F0CAB3D265
Date: Thu, 15 Dec 1994 06:55:23 -0800
To: cypherpunks@toad.com
From: ddt@lsd.com (Dave Del Torto)
Subject: KEYSRVR: tabula rasa?
Cc: Philip Zimmermann <prz@acm.org>, Michael Graff <explorer@iastate.edu>


[parts from a separate thread w/ Derek]

Why is it possible for someone other than ME to add MY key to a keyserver?
I realize that at some point (perhaps only the first time you submit a
key?), there has to be some trust model employed, but it seems like this
anyone-can-submit-anyone-else's-key situation offers a very obvious attack:
anyone could propagate bogus keys across the net by just generating bogus
keys with someone else's email/name on them, leading to massive
impersonation problems.

Maybe I'm missing something obvious, but it seems like there should be a
more rigorous method available to, and employed by, keyserver operators for
verifying someone's identity before accepting a key submitted (supposedly)
by them. Shouldn't the key submission msg itself at minimum be required to
be contained within a signed msg from someone with enough "nearness" in
trust levels from some trusted introducer known to the keyserver op? I
thought this sort of situation was precisely the reason for the trust level
system in PGP in the first place.

This may be a can of worms (or not), but if cpunks require fairly decent
methods for verifying the identities of people who want to trade keys with
them personally, then it seems keyservers should require at LEAST that
level of verification (or better).

I'd like to CLEAR/REMOVE ALL keys from ALL keyservers that are:
  - attributed to me by others (without my knowledge)
  - added by others (unknown to me)
  - purporting to have been generated by me)
and start with a tabula rasa. Maybe in a few weeks, once all these (what I
consider to be) bogus keys are GONE, I can add my actual key to a

There doesn't seem to be any elegant mechanism available for doing this
yet, but I'm ready to be educated on this point. Any comments?


Version: 2.6