by sp332 2492 days ago
To prove that you have the private key, they should send you a challenge message and make you send back that message with a signature. If you can send any signed message, anyone who has ever received a signed message from a person can upload it and revoke that person's key.
1 comment

> If you can send any signed message

Reading the code, it does indeed allow any signed message: https://github.com/tdjsnelling/dat-keyserver/blob/12fa3e8389...
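
The challenge-response check proposed in the first comment, next to an "any signed message" check, as an added example that is not part of the thread and is not dat-keyserver's code. Ed25519 keys from Node's `crypto` module stand in for PGP signatures, and the function names, key id and sample message are constructed for illustration.

```javascript
// Added example. Assumption: Ed25519 (Node crypto) stands in for PGP signatures.
const crypto = require('node:crypto');

const pending = new Map(); // keyId -> { nonce, expires }

// Server: issue a fresh, single-use challenge bound to the key and the action.
function issueChallenge(keyId, now = Date.now()) {
  const nonce = crypto.randomBytes(32).toString('hex');
  pending.set(keyId, { nonce, expires: now + 5 * 60 * 1000 });
  return `revoke:${keyId}:${nonce}`;
}

// Weak check criticised in the thread: any validly signed message passes.
function revokeAnySigned(publicKey, message, signature) {
  return crypto.verify(null, Buffer.from(message), publicKey, signature);
}

// Challenge-response check: the signature must cover the outstanding challenge.
function revokeWithChallenge(keyId, publicKey, signature, now = Date.now()) {
  const entry = pending.get(keyId);
  pending.delete(keyId); // single use, consumed even when verification fails
  if (!entry || now > entry.expires) return false;
  const expected = Buffer.from(`revoke:${keyId}:${entry.nonce}`);
  return crypto.verify(null, expected, publicKey, signature);
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const keyId = 'alice-key';          // constructed identifier
  const oldMail = 'See you at 10am';  // constructed message a recipient still holds
  const oldSig = crypto.sign(null, Buffer.from(oldMail), privateKey);

  // The weak check cannot tell the key owner from a past recipient.
  const weakAcceptsOldMessage = revokeAnySigned(publicKey, oldMail, oldSig);

  // With a challenge, the old signature does not cover the nonce.
  issueChallenge(keyId);
  const oldMessageRejected = !revokeWithChallenge(keyId, publicKey, oldSig);

  // The key owner signs the fresh challenge; a second use of it fails.
  const challenge = issueChallenge(keyId);
  const sig = crypto.sign(null, Buffer.from(challenge), privateKey);
  const ownerAccepted = revokeWithChallenge(keyId, publicKey, sig);
  const reuseRejected = !revokeWithChallenge(keyId, publicKey, sig);
  return { weakAcceptsOldMessage, oldMessageRejected, ownerAccepted, reuseRejected };
}
```

Binding the challenge string to the key id and the action keeps a signature obtained for one request from being accepted for another.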