ietf-openpgp

Re: How to handle photoID on keyserver? (Re: photo support?)

2002-07-01 20:52:03

On Tue, Jul 02, 2002 at 11:16:11AM +0900, Hironobu SUZUKI wrote:

> 2) Privacy issue:
>
>   Someone who is not the owner of that public key can put a public key
>   with PhotoID into a public keyserver.  And everyone can get someone's
>   public key with PhotoID.

Anyone can upload *any* public key to a keyserver or distribute it via
whatever means they like.  This is the same "risk" as someone
uploading a key with my email address on it.  If I do not want my
photograph (or email address, name, public key, etc.)  made public,
then... I should not make it public.

> I think that most OpenPGP users are concerned about the privacy issue.
> The size issue becomes a problem for some public keyserver sites.  From
> my experience, the entire storage size for handling a public keyserver
> may require 4 times (or more) the whole of the public keys.  I mean if
> the dump key size is 15GB, the required HDD size is 60GB at least.
>
> In my opinion, if a public key with photoID is submitted to a public
> keyserver, the public keyserver removes the photoID and related
> signature packets and stores the remains of the packets into the
> database.

Any keyserver operator is free to do this.  Conversely, any keyserver
operator is free to not do this.  Some keyservers have been storing
keys with photo IDs on them for years.  Some keyservers have been
removing photo IDs for years[1].

Where's the problem?

David

[1] Admittedly, pksd removes photo IDs because it doesn't understand
    them, and not due to a design choice, but the effect is the same.

-- 
   David Shaw  |  dshaw(_at_)jabberwocky(_dot_)com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
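
The photo ID stripping discussed in this thread, as an added example that is not part of the original message or of any keyserver's code: it walks the packets of a binary (dearmored) key and drops each User Attribute packet (tag 17) together with the signature packets that follow it. The function names are hypothetical, RFC 4880 packet framing is assumed, and partial or indeterminate body lengths are rejected rather than handled.

```python
USER_ATTRIBUTE = 17  # packet tag that carries photo IDs
SIGNATURE = 2

def split_packets(data):
    """Yield (tag, raw_bytes) for each packet of a binary (dearmored) key."""
    pos = 0
    while pos < len(data):
        start, first = pos, data[pos]
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        pos += 1
        if first & 0x40:  # new-format header: 6-bit tag, variable length
            tag, o1 = first & 0x3F, data[pos]
            if o1 < 192:
                length, pos = o1, pos + 1
            elif o1 < 224:
                length, pos = ((o1 - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif o1 == 255:
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                raise ValueError("partial body lengths are not handled")
        else:  # old-format header: 4-bit tag, 2-bit length type
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate lengths are not handled")
            n = 1 << ltype  # 1, 2 or 4 length octets
            length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
        if pos + length > len(data):
            raise ValueError("truncated packet")
        pos += length
        yield tag, data[start:pos]

def strip_photo_ids(data):
    """Drop User Attribute packets and the signatures that certify them."""
    kept, dropping = [], False
    for tag, raw in split_packets(data):
        if tag == USER_ATTRIBUTE:
            dropping = True       # start of a photo ID block
        elif tag != SIGNATURE:
            dropping = False      # next user ID, subkey, etc. ends the block
        if not dropping:
            kept.append(raw)
    return b"".join(kept)

if __name__ == "__main__":
    # Constructed sample: key, user ID + sig, photo ID + sig (dummy bodies).
    pkt = lambda tag, body: bytes([0xC0 | tag, len(body)]) + body
    key = pkt(6, b"K" * 8) + pkt(13, b"alice") + pkt(2, b"s1") + pkt(17, b"J" * 90) + pkt(2, b"s2")
    print([t for t, _ in split_packets(strip_photo_ids(key))])
```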
