[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] nokeyserver annotation
From: |
Kristian Fiskerstrand |
Subject: |
Re: [Sks-devel] nokeyserver annotation |
Date: |
Tue, 20 Dec 2016 20:01:10 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1 |
On 12/20/2016 07:58 PM, Vincent Breitmoser wrote:
>> If you can trick a user into importing a package that hinders
>> distribution of the keyblock
>
> This should be prevented by client implementations, why would they ever
> import a non-verifying self-cert?
An invalid notation might not be rejected by a client (is it critical
marked?). Is there a reference for this behavior in RFC and tested on
various implementations?
--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Divide et impera
Divide and govern
signature.asc
Description: OpenPGP digital signature
Re: [Sks-devel] nokeyserver annotation, Kiss Gabor (Bitman), 2016/12/20
Re: [Sks-devel] nokeyserver annotation, Daniel Kahn Gillmor, 2016/12/20
Re: [Sks-devel] nokeyserver annotation, Kim Minh Kaplan, 2016/12/22