multiple copies of the self-signature on the key
Janusz A. Urbanowicz
alex at bofh.net.pl
Fri Jun 16 15:01:20 CEST 2006
On Fri, Jun 16, 2006 at 08:11:18AM -0400, David Shaw wrote:
> > > Without crypto support, how is the keyserver to know that the nice new
> > > signature with a later timestamp is in fact a real signature and not
> > > garbage? It would be a perfect denial-of-service attack to upload
> > > bogus selfsignatures and then sit back and watch the keyserver erase
> > > parts of the key.
> > >
> > > GPG can do this because it can actually verify the signatures and
> > > check. Keyservers are just storage and cannot verify.
> > So, why doesn't GPG do this on import? AFAIR PGP 2 did this automatically.
> PGP 2 didn't store anything useful in the self-signature, so there
> were never more than one unless someone intentionally forced one to be
> In any event, GPG can do this on import, but it is optional. If you
> want it:
> keyserver-options import-clean
But this will clear all "unneeded stuff" from the imported keys, and not only
from my key?