On 03/20/2009 02:58 PM, Florian Weimer wrote:
> I have nothing against encrypting queries, but you should also keep in
> mind that you have no reason whatsoever to trust key server operators.

I agree that there is no reason whatsoever to trust any arbitrary key server operator to keep your queries private, or to avoid logging them, or even to produce all the relevant known data associated with a particular query.

However, there are specific key server operators who i *do* trust to do these things whose key servers are connected to the global network. I'd prefer to be able to use an encrypted channel to these particular machines, which i have reason to believe will not betray that trust.

Note that this trust does not extend to the question of keyservers deliberately fabricating *bad* information. My OpenPGP client should be able to cryptographically verify whether any information retrieved from a keyserver is valid, whether i trust the keyserver or not.

--dkg