Including non-selfsigs in WKD?
Demi Marie Obenour
demi at invisiblethingslab.com
Mon Jul 25 19:10:55 CEST 2022
On Mon, Jul 25, 2022 at 03:27:17PM +0200, Werner Koch via Gnupg-devel wrote:
> On Mon, 11 Jul 2022 13:24, Ingo Klöcker said:
> > From a quick glance at the code third-party signatures seem to be included in
> > the export. And that makes sense because you probably want to publish
> > your own
>
> No, they should not be included. gpg-wks-cleint uses
>
> --export-options export-minimal which does
>
> Export the smallest key possible. This removes all signatures except
> the most recent self-signature on each user ID. This option is the
> same as running the --edit-key command "minimize" before export
> except that the local copy of the key is not modified. Defaults to
> no.
>
> I could imagine to add a feature to keep third-party signatures from
> keys which are flagged with fully trust. However, this leaks the
> owneertrust information which we try to keep local.
What about using attestation signatures? Only signatures that have been
attested to would be published.
--
Sincerely,
Demi Marie Obenour (she/her/hers)
Invisible Things Lab
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20220725/033668a2/attachment.sig>
More information about the Gnupg-devel
mailing list