Including non-selfsigs in WKD?

Werner Koch wk at gnupg.org
Mon Jul 25 15:27:17 CEST 2022


On Mon, 11 Jul 2022 13:24, Ingo Klöcker said:
> From a quick glance at the code third-party signatures seem to be included in 
> the export. And that makes sense because you probably want to publish
> your own

No, they should not be included.  gpg-wks-cleint uses

  --export-options export-minimal which does 

   Export the smallest key possible. This removes all signatures except
   the most recent self-signature on each user ID. This option is the
   same as running the --edit-key command "minimize" before export
   except that the local copy of the key is not modified. Defaults to
   no.

I could imagine to add a feature to keep third-party signatures from
keys which are flagged with fully trust.  However, this leaks the
owneertrust information which we try to keep local.

A reliable keyserver network with lookup only by fingerprint seems to be
a better solution to me.


Shalom-Salam,

   Werner

-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20220725/28609386/attachment.sig>


More information about the Gnupg-devel mailing list