Including non-selfsigs in WKD?
Bernhard Reiter
bernhard at intevation.de
Wed Jul 27 15:32:44 CEST 2022
Am Montag 25 Juli 2022 15:27:17 schrieb Werner Koch via Gnupg-devel:
> gpg-wks-client uses
>
> --export-options export-minimal which does
>
> Export the smallest key possible. This removes all signatures except
> the most recent self-signature on each user ID.
> I could imagine to add a feature to keep third-party signatures from
> keys which are flagged with fully trust. However, this leaks the
> owneertrust information which we try to keep local.
I can also see that adding third party signatures to a pubkey
delivered by WKD is good.
It needs a way for users to control which signatures,
which the simplest would be all in my keyring up to a limit in numbers.
(This has the drawback that I cannot just update my own pubkey from
keyservers without some attendance. But I guess I shouldn't do this blindly
anyway.)
> A reliable keyserver network with lookup only by fingerprint seems to be
> a better solution to me.
Both would profit from each other.
(I think the web of trust still has some merits, although in a new form.)
Regards
Bernhard
--
https://intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20220727/b01d84b4/attachment.sig>
More information about the Gnupg-devel
mailing list