[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: How to handle photoID on keyserver? (Re: photo support?)
On Tue, Jul 02, 2002 at 11:16:11AM +0900, Hironobu SUZUKI wrote:
> 2) Privacy issue:
>
> Someone who is not owner of that public key can put public key
> with PhotoID into public keyserver. And everyone can get someone's
> public key with PhotoID.
Anyone can upload *any* public key to a keyserver or distribute it via
whatever means they like. This is the same "risk" as someone
uploading a key with my email address on it. If I do not want my
photograph (or email address, name, public key, etc.) made public,
then... I should not make it public.
> I think that most OpenPGP users concern privacy issue. Size issue
> become problem to some public keyserver sites. From my experience,
> entire of storage size for handling public keysever may require 4
> times (or more) of whole of public keys. I mean if dump key size is
> 15GB, HDD size is required 60GB at least.
>
> In my opinion, if public key with photoID is submitted public
> keyserver, public keyserver remove photoID and related signature
> packets and store the remains of packates into database.
Any keyserver operator is free to do this. Conversely, any keyserver
operator is free to not do this. Some keyservers have been storing
keys with photo IDs on them for years. Some keyservers have been
removing photo IDs for years[1].
Where's the problem?
David
[1] Admittedly, pksd removes photo IDs because it doesn't understand
them, and not due to a design choice, but the effect is the same.
--
David Shaw | dshaw@xxxxxxxxxxxxxxx | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson