Including non-selfsigs in WKD?
Werner Koch
wk at gnupg.org
Mon Jul 25 15:27:17 CEST 2022
On Mon, 11 Jul 2022 13:24, Ingo Klöcker said:
> From a quick glance at the code third-party signatures seem to be included in
> the export. And that makes sense because you probably want to publish
> your own
No, they should not be included. gpg-wks-cleint uses
--export-options export-minimal which does
Export the smallest key possible. This removes all signatures except
the most recent self-signature on each user ID. This option is the
same as running the --edit-key command "minimize" before export
except that the local copy of the key is not modified. Defaults to
no.
I could imagine to add a feature to keep third-party signatures from
keys which are flagged with fully trust. However, this leaks the
owneertrust information which we try to keep local.
A reliable keyserver network with lookup only by fingerprint seems to be
a better solution to me.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20220725/28609386/attachment.sig>
More information about the Gnupg-devel
mailing list