Global Directory signatures (was Re: GPG wants to check trustdb every day)

David Shaw dshaw at jabberwocky.com
Thu Dec 30 06:19:45 CET 2004


On Wed, Dec 29, 2004 at 11:35:12PM -0500, Jason Harris wrote:
> On Wed, Dec 29, 2004 at 08:44:43PM -0500, David Shaw wrote:
> 
> > I rather like the notion of GPG keeping GPG clean, the keyservers
> > keeping the keyservers clean, and so on.  So long as people aren't
> > actively bridging keys between the GD and the keyserver net (which
> > seems to be happening in my case, though I have no idea why someone
> > would bother), this should be okay.
> 
> Good luck.  Each person who signed 0xCA57AD7C and uploaded their
> signature for others to use:
> 
>   http://keyserver.kjsl.com:11371/pks/lookup?op=vindex&search=0xCA57AD7C
> 
> probably disagrees, unless keyserver.pgp.com is now secretly
> infiltrating its keys into the regular public keyserver network.

I'm not sure what connection this comment has with the discussion.
You're talking about people signing a key and uploading their
signatures (however foolish this might be in the case of the GD key).
I'm talking about someone downloading keys from the GD and then
pushing them onto the keyserver net.

As I said, unless someone is bridging keys intentionally, then the
GnuPG filter should handle it reasonably well.  (Only "reasonably"
well because of the overlap in signature dates.)

> Besides, using only keyserver.pgp.com isn't feasible if you care about
> signatures from keys not registered with it.  This is because it now
> implements "weak no-modify" in addition to being unsynchronized, whereas
> in the past it was only because it stopped synchronizing with other
> keyservers.

I think the people who the GD was designed for pretty much don't care
about signatures from keys not registered with it.  That's the whole
point.

Understand that being "unsynchronized" is a major *feature* of the GD.
A goal of the GD is to keep all of the old crap from the keyserver net
off.  I know you like synchronization, but you are not the target
audience for the GD.  Neither am I.  I use it because it provides some
level of useful functionality even to people who aren't the target
audience.

David



More information about the Gnupg-users mailing list