[KLUG Members] gpg key signing party.

[Dirk H Bartley]

On Mon, 2006-02-20 at 09:57 -0500, Adam Tauno Williams wrote:
> > OK, I have my gpg key created and working.  I added a couple of my other
> > emails to my key (adduid), but I'm undecided about which ones to add.
> > This leaves me with some questions about wwwkeys.us.pgp.net.
> > 1)  How spam proof is it?  Can spam bots harvest emails from it?
> 
> I suppose that they can.
> 
> > 2)  What if I upload my public key now, and change my mind later about
> > my email addresses (I run adduid/deluid later).  I can I change my key
> > on the server?  How?  Can I upload it again and overwrite it?

If you deluid and then synchronize with the keyserver, you will get that
uid right back again.


> 
> I'm not certain.  Do keys contain revision references?
> 
> > 3)  If I can change my key on the server, what keeps other people from
> > changing my key?
> 
> You are uploading your public key,  it can't be generated without your
> private key.  There is no reason to 'protect' the public key.  If it is
> altered without the presence of the private key it will be invalid.
> 
> > All I see is the place to upload a key, but nothing on how to change or
> > delete a key, nor any security on the key uploaded. I don't get it!  :-)

Don't forget to make a copy of your revocation.  Or make a copy of your
entire .gnupg directory and put it in a safe place.

Dirk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.kalamazoolinux.org/pipermail/members/attachments/20060220/726a885d/attachment.bin