no-ks-modify effect on signature uploads
mailinglisten at hauke-laging.de
Wed Aug 11 17:52:50 CEST 2010
Am Mittwoch 11 August 2010 16:11:24 schrieb David Shaw:
> > Does gpg upload signatures for other people's key which have this flag?
> I actually considered this once, but in the end, it would be confusing to
> have a key be uploadable with PGP but not GPG.
Maybe but the number of people using both (with the same keys!) is probably
not so high. And it would be obvious to anyone that this behaviour is due to
an improvement in gpg. Avoid big number improvement in order to avoid small
number confusion? A weak argument, even more as gpg is not strictly compatible
to (all versions of) PGP (simultaneously) anyway.
gpg should issue an error message to inform the user.
> Also, it could be defeated
> trivially by just exporting a key to a text file (always legal),
When doing this with such a key then a warning should be issued. This would
have the additional positive effect of making users aware of the privacy
problem over time.
> and then
> uploading it to the keyservers using the web. It would have been an
> illusion of actual functionality.
No, not an illusion of functionality, maybe an illusion of protection. The
problem would not be solved but reduced. The illusion could be prevented by
putting the relevant information into both the documentation and error/warning
messages. Having such an illusion would be the fault of noone but the
respective user himself. And there is no reason that there is noone out there
who has this illusion even today. :-)
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 555 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users