[KLUG Members] gpg key signing party.

[Dirk H Bartley]

On Mon, 2006-02-20 at 09:18 -0500, Bruce Smith wrote:
> OK, I have my gpg key created and working.  I added a couple of my other
> emails to my key (adduid), but I'm undecided about which ones to add.
> 
> This leaves me with some questions about wwwkeys.us.pgp.net.
> 
> 1)  How spam proof is it?  Can spam bots harvest emails from it?

I read somewhere that it would theoretically be possible but it is
generally not done.  Let me see if I can find where I read that.
> 
> 2)  What if I upload my public key now, and change my mind later about
> my email addresses (I run adduid/deluid later).  I can I change my key
> on the server?  How?  Can I upload it again and overwrite it?


If you upload now and no-one signs it, you can always add email
addresses later.  You may choose to ask people who had already signed
your key to resign it so that the new uid gets signed.
> 
> 3)  If I can change my key on the server, what keeps other people from
> changing my key?

Keyservers don't remove, they only add.  When you revoke, you add a
revocation.

> 
> All I see is the place to upload a key, but nothing on how to change or
> delete a key, nor any security on the key uploaded. I don't get it!  :-)

You can add new uid's.  Uid's are self signed.  There may be a keyserver
software protection to prevent the adding of a non self signed uid.

Others will then add their signature to your key and your uid.

Dirk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.kalamazoolinux.org/pipermail/members/attachments/20060220/7d36fefe/attachment.bin