Posted Sep 21, 2012 7:31 UTC (Fri) by dd9jn (subscriber, #4459)
Parent article: gnupg: key spoofing
I have to chime in on this. First, older keyservers don't work with long keyids. Thus GnuPG could not use them. Meanwhile almost all keyservers have upgraded to SKS, which supports requests with long keyids. Thus we recently dropped support for old keyservers.
Second, the idea that a MITM on the keyserver is a problem is totally bogus. There is no security at all in the keyservers; they are only a convenient resource to store and retrieve keys. OpenPGP keys are self-contained and provide their own security: self-, key-, and key-binding-signatures. Any attack must be on the keys or the validation system in use (e.g. the web of trust).
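
Added example, not part of the comment above and not GnuPG code: a sketch of how a version 4 OpenPGP fingerprint and the long and short keyids are derived from the key material itself (RFC 4880, section 12.2), so a key returned by any keyserver can be checked locally against a fingerprint obtained elsewhere. The modulus, creation time and helper names are constructed for illustration, and the sketch does not verify self-signatures or web-of-trust validity.

```python
import hashlib
import struct

def mpi(value: int) -> bytes:
    """OpenPGP MPI: two-byte bit count, then the big-endian magnitude."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")

def v4_rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version 4 RSA public-key packet (algorithm id 1)."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the two-byte body length, and the packet body."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()

def long_key_id(fingerprint: str) -> str:
    """Low-order 64 bits of the fingerprint (16 hex digits)."""
    return fingerprint[-16:]

def short_key_id(fingerprint: str) -> str:
    """Low-order 32 bits of the fingerprint (8 hex digits)."""
    return fingerprint[-8:]

def accept_fetched_key(body: bytes, expected_fingerprint: str) -> bool:
    """Accept a fetched key only when its full 160-bit fingerprint matches."""
    expected = expected_fingerprint.replace(" ", "").upper()
    return len(expected) == 40 and v4_fingerprint(body) == expected

# Constructed sample input: not a real key, the "modulus" is an arbitrary
# 2048-bit odd number and the creation time is an arbitrary timestamp.
FETCHED = v4_rsa_public_key_body(1348212660, (1 << 2047) | 0x1234567, 65537)
TRUE_FPR = v4_fingerprint(FETCHED)
# Constructed fingerprint that shares only the short keyid with TRUE_FPR.
LOOKALIKE_FPR = "0" * 32 + short_key_id(TRUE_FPR)

if __name__ == "__main__":
    print("fingerprint :", TRUE_FPR)
    print("long keyid  :", long_key_id(TRUE_FPR))
    print("short keyid :", short_key_id(TRUE_FPR))
    print("same short keyid, different fingerprint accepted?",
          accept_fetched_key(FETCHED, LOOKALIKE_FPR))
```
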