no-ks-modify effect on signature uploads
mailinglisten at hauke-laging.de
Fri Aug 13 03:13:01 CEST 2010
On Wednesday 11 August 2010 22:11:06, David Shaw wrote:
> > When doing this with such a key then a warning should be issued. This
> > would have the additional positive effect of making users aware of the
> > privacy problem over time.
> 99%+ of all keys created with GPG have the flag set (it's the default).
> This would mean that virtually every time a key was exported with GPG, the
> exporter would get a warning along the lines of "hey, please don't upload
> this to a keyserver".
> At that point, it's just noise.
In my opinion that is a strange definition of noise.
If we agree that this is a useful default (the flag set) and that it would be
great if the keyservers honoured it then the wished-for future is that most
people cannot upload signatures for keys which are not their own.
I would regard such gpg behaviour as a kind of information/education for this
probable future (earlier or later). So people would start to change their view
of the infrastructure and the way they use the tools before they are completely
forced to do so (by the servers).
> I dislike illusion in security software. Either a protection is strong or
> it is not, and we should not pretend otherwise.
That is a valid argument but the combination of a feature and its
documentation is not necessarily pretending something. If the warning and
documentation clearly state that this is a convenience feature and not a
crypto level protection then it is not illusion if anyone gets that wrong. You
are in big problems nearly at once if you use crypto software without having
understood how all this stuff works. This would be just one more point, a
rather harmless one. And you would be forced to ignore clear hints in order to
make mistakes. That's nothing anyone has to (or even: can) be protected from.
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814