Global Directory signatures (was Re: GPG wants to check trustdb every day)
David Shaw
dshaw at jabberwocky.com
Wed Dec 29 05:44:21 CET 2004
On Tue, Dec 28, 2004 at 11:16:27PM -0500, Atom 'Smasher' wrote:
> On Tue, 28 Dec 2004, David Shaw wrote:
>
> > If what the GD does could have an actual impact on the keyservers and
> > web of trust, then the keyservers and web of trust were already
> > hopelessly broken.
> =============
>
> how many key-servers support the no-modify flag? it's part of the standard
> and it could keep these auto-pilot sigs (and other unwanted sigs) from
> polluting the system, but it's not supported. to that extent, the key
> servers *are* hopelessly broken. biglumber is the closest i've seen to
> being a good implementation, in this regard.

I certainly won't argue that many aspects of the keyserver design are
broken. The problem is, some of the brokenness is also a design
requirement for some people. "Broken" is really a question of "broken
for whom" ;)

Someone told me once that the old NAI "LDAP keyserver" supported
no-modify, but even if it is supported, neither of the two servers
running this software has it turned on.

The GD doesn't support no-modify either.

> > My concern is mainly about the aesthetics here. It's unattractive (and
> > over time large) to have that many expired sigs on your key.
> ===============
>
> not to downplay the matter of aesthetics, but it also becomes a usability
> issue if the UI is cluttered with unwanted information.

True. However if the concern is strictly the UI then a "don't show
unusable sigs" flag would handle that. There is already a "don't show
unusable user IDs" and "don't show unusable subkeys", so adding one
for sigs is no big deal.

David