[liberationtech] PGP WOT
Seth David Schoen
schoen at eff.org
Sun Mar 23 15:21:39 PDT 2014
Jonathan Wilkes writes:
> Furthermore, couldn't I periodically query every publicly accessible
> PGP keyserver (maybe do it in a distributed manner) to see who
> signed what, and then mirror that web of trust with the keys I
> control?
>
> Furthermore, couldn't I also upload keys with same name/email
> addresses for any keys that existed before I started, lie about the
> creation date, and work those into my hall of mirrors?
Micah Lee's OHM talk addressed these problems:
https://program.ohm2013.org/event/113.html
https://github.com/micahflee/trollwot
https://github.com/micahflee/trollwot/blob/master/trollwot.pdf
(It doesn't really propose solutions, just highlights the problems very
well.)
--
Seth Schoen <schoen at eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
More information about the liberationtech
mailing list