Security of the gpg private keyring?
dshaw at jabberwocky.com
Wed Mar 2 00:46:39 CET 2011
On Mar 1, 2011, at 6:29 PM, MFPA wrote:
> On Tuesday 1 March 2011 at 8:56:56 PM, in
> <mid:201103012156.57096 at thufir.ingo-kloecker.de>, Ingo Klöcker wrote:
>> Hmm. Why do the keyservers need to support it at all?
>> IMO the clients that want to upload a key should check
>> for this flag and warn the user if a key has this flag.
> I think the warning would be a good idea because it should serve to
> reduce accidental uploading of keys (except by those who view such
> warnings as "noise" and just click through without really reading
> Since the keyserver-no-modify flag is set by default in GnuPG and this
> warning would be triggered for a large percentage of keys, why bother
> checking for the flag? "Do you really want to publish this key to a
> keyserver?" could be asked every time the user told the client to
> upload any key, perhaps also displaying some info about the key and
> the server.
For that matter, you could just emit the warning for any key that you don't also have the secret part for. That is, keys that have a higher chance of not being yours.
I would worry about the warning being invisible after a while though.
More information about the Gnupg-users