[KLUG Members] gpg key signing party.
Dirk H Bartley
dbartley at schupan.com
Mon Feb 20 10:45:06 EST 2006
On Mon, 2006-02-20 at 09:57 -0500, Adam Tauno Williams wrote:
> > OK, I have my gpg key created and working. I added a couple of my other
> > emails to my key (adduid), but I'm undecided about which ones to add.
> > This leaves me with some questions about wwwkeys.us.pgp.net.
> > 1) How spam proof is it? Can spam bots harvest emails from it?
>
> I suppose that they can.
>
> > 2) What if I upload my public key now, and change my mind later about
> > my email addresses (I run adduid/deluid later). I can I change my key
> > on the server? How? Can I upload it again and overwrite it?
If you deluid and then synchronize with the keyserver, you will get that
uid right back again.
>
> I'm not certain. Do keys contain revision references?
>
> > 3) If I can change my key on the server, what keeps other people from
> > changing my key?
>
> You are uploading your public key, it can't be generated without your
> private key. There is no reason to 'protect' the public key. If it is
> altered without the presence of the private key it will be invalid.
>
> > All I see is the place to upload a key, but nothing on how to change or
> > delete a key, nor any security on the key uploaded. I don't get it! :-)
Don't forget to make a copy of your revocation. Or make a copy of your
entire .gnupg directory and put it in a safe place.
Dirk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.kalamazoolinux.org/pipermail/members/attachments/20060220/726a885d/attachment.bin
More information about the Members
mailing list