sks-devel

Re: [Sks-devel] nokeyserver annotation


From: Vincent Breitmoser
Subject: Re: [Sks-devel] nokeyserver annotation
Date: Tue, 20 Dec 2016 19:25:06 +0100
User-agent: NeoMutt/20161104 (1.7.1)

> Assuming the intention is tagging my key (which hasn't been published so
> far) so it doesn't end up on the keyserver. In that case *all* self-sigs
> would need to carry the notation as otherwise an intruder could just
> remove the newest nokeyserver selfsig and still have a valid key (iff
> all self-sigs have that flag, no upload can be crafted that has
> verifying self-signatures and not carry the flag).

There are two approaches here: If just one such self-sig is enough and we
don't verify, that will already prevent accidental upload, though not
active vandalism. If we want to have that too, we'll have to verify
those sigs, and all self-sigs will have to have it.

Personally I think the first part is what's important, and the second is
probably too complex to accomplish easily.

@dkg What were you going for here?

 - V
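
The two approaches weighed in this message, modelled as an added example (not part of the original email and not SKS code). The notation name `NOKEYSERVER`, the `SelfSig` record and its `verifies` field, which stands in for real OpenPGP signature verification, are assumptions made for illustration.

```python
from dataclasses import dataclass

NOKEYSERVER = "nokeyserver"  # placeholder notation name (assumption)

@dataclass(frozen=True)
class SelfSig:
    created: int                        # constructed timestamp
    verifies: bool = True               # result of signature verification (assumed)
    notations: frozenset = frozenset()  # notation names carried by this self-sig

def accept_unverified(self_sigs):
    """Approach 1: no verification; a single flagged self-sig blocks the upload."""
    return not any(NOKEYSERVER in s.notations for s in self_sigs)

def accept_verified(self_sigs):
    """Approach 2: only verifying self-sigs count; the upload needs at least
    one of them, and none of them may carry the flag."""
    valid = [s for s in self_sigs if s.verifies]
    return bool(valid) and not any(NOKEYSERVER in s.notations for s in valid)

def without_flagged(self_sigs):
    """Test fixture: the same key with flagged self-sigs removed in transit."""
    return [s for s in self_sigs if NOKEYSERVER not in s.notations]

def outcomes():
    flag = frozenset({NOKEYSERVER})
    newest_only = [SelfSig(1), SelfSig(2, notations=flag)]                  # constructed
    all_flagged = [SelfSig(1, notations=flag), SelfSig(2, notations=flag)]  # constructed
    unverifiable = [SelfSig(3, verifies=False)]  # self-sig that fails verification
    return {
        # accidental upload of the untouched key: blocked by the cheap check
        "accidental, approach 1": accept_unverified(newest_only),
        # older unflagged self-sig survives removal, so both checks accept
        "stripped newest-only, approach 1": accept_unverified(without_flagged(newest_only)),
        "stripped newest-only, approach 2": accept_verified(without_flagged(newest_only)),
        # every self-sig flagged: removal leaves nothing that verifies
        "stripped all-flagged, approach 1": accept_unverified(without_flagged(all_flagged)),
        "stripped all-flagged, approach 2": accept_verified(without_flagged(all_flagged)),
        # stripped key padded with an unverifiable self-sig: only verification rejects it
        "padded, approach 1": accept_unverified(without_flagged(all_flagged) + unverifiable),
        "padded, approach 2": accept_verified(without_flagged(all_flagged) + unverifiable),
    }

if __name__ == "__main__":
    for case, accepted in outcomes().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```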


