Re: (Fwd) Keyservers Cross Site Scripting (When CSS Gets Dangerous)

From: Michael Young (mwy-pks55@the-youngs.org)
Date: Mon Apr 22 2002 - 10:45:50 PDT


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    From: "Stefan Kelm" <kelmat_private>
    > This is of particular danger when it comes to keyservers, since the key
    > information itself is usually considered as highly trustworthy.
    
    Absolutely not.  Keyservers are wide open public repositories.  They
    can, and do, contain arbitrary garbage.  Users should only trust
    material that they can verify through signatures or direct contact.
    
    Moreover, clients should only be generating well-formed URLs
    for key lookups.  What am I missing?
    
    -----BEGIN PGP SIGNATURE-----
    Version: PGP Personal Privacy 6.5.3
    
    iQA/AwUBPMRMGVMkvpTT8vCGEQKSRQCgi3Uvj/w4wAtFsBzM0Yt+CglxTj0AoNCj
    vADEMPSTqze3uqdKfLUp3JyT
    =IXGp
    -----END PGP SIGNATURE-----
    



    This archive was generated by hypermail 2b30 : Wed Apr 24 2002 - 20:45:14 PDT