[Sks-devel] stripping GD sigs (was: Re: clean sigs)
Jason Harris
jharris at widomaker.com
Fri Sep 9 06:22:00 CEST 2005
On Thu, Sep 08, 2005 at 11:23:08PM -0400, David Shaw wrote:
> On Thu, Sep 08, 2005 at 11:10:23PM -0400, Jason Harris wrote:
> > Not at all. Anyone who wants sigs from the GD should use that
> > keyserver. They're still available from it, and, remember,
> > expired sigs don't affect the WoT, so what's the point of the
> > well-synchronized keyservers keeping GD sigs?
>
> You're not dropping expired signatures. You're dropping all
> signatures from a particular key - expired or not. Those signatures
> are part of the web of trust. The web of trust now has a different
> view from your keyserver than from the rest of the world.
Indeed, all keyservers (except the GD) should drop GD sigs.
> If I ran a keyserver, would it be appropriate for me to drop all
> signatures from your key D39DA0E3 simply because they're available
> somewhere else?
keyserver.pgp.com doesn't synchronize with other keyservers, by design,
which they maintain to be a GoodThing(TM). Are you currently insinuating
that the GD sigs should spam the well-synchronized keyservers?
> Personal opinions as to the usefulness of signatures should not be a
> factor in what a keyserver stores. It's a very dangerous path to go
> down: do you also strip signatures from someone "known" to be a bad
> signer? What's the criteria for inclusion in your keyserver? Is it
> stated somewhere so users can read it?
Right now, TTBOMK, only the GD is, indeed, ""known" to be a bad signer."
--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 313 bytes
Desc: not available
Url : /pipermail/attachments/20050909/0b6ab6f5/attachment.pgp
More information about the Gnupg-users
mailing list