aw h*ck, someone's uploaded a public key I don't control, labeled with my email address, to pool.sks-keyservers.net.
they went to the trouble of making the last 8 digits of the fingerprint collide, too.
anyone know what, if anything, I can do about this?
oh, for -- [smacks someone over the head with WP:POINT]
$ gpg --list-signatures F0D815DF6769AA64
pub rsa4096 2014-06-16 [SCEA] [revoked: 2016-08-16]
5D42E0410E61F697B839BF8BF0D815DF6769AA64
rev F0D815DF6769AA64 2016-08-16 [my email address]
reason: Key has been compromised
comment: This key was generated as part of the Evil32 project.
comment: It is not owned by the user described in the UID.
comment: See https://evil32.com/revoked for more details.
For the record, if you wanna send me encrypted email, use the key whose full fingerprint is listed on https://www.owlfolio.org/contact/ .
Unfortunately nothing can be done in the SKS due to its design. If it makes you happy someone created dozens of keys with my User ID and uploaded it there so searching by my e-mail doesn’t return my real key immediately.
It only shows that one should start from trusted fingerprint and the Web of Trust or follow social proofs (like https://keyoxide.org/ ) or use Web Key Directory if they can.
Fortunately the new keyservers are designed in a way that doesn’t allow such nasty impersonation attacks (see https://keys.openpgp.org).