"No-Keyserver" (and other) flags on keys
Dan Mahoney, System Admin
danm at prime.gushi.org
Mon Jun 28 01:50:36 CEST 2010
On Sun, 27 Jun 2010, David Shaw wrote:
> It's a flag that can be set on a key user ID, similar to cipher or
> compression preferences. Run "--edit-key" on a key, and enter
> "showpref" or "pref". You will probably see a mention of "Keyserver
> no-modify" (or "no-ks-modify"). You can turn it on and off with
> setpref, like any other preference: "ks-modify" allows keyserver
> modifications, and "no-ks-modify" disallows them.
> Note that the definition of no-modify is that only the keyholder (or the
> administrator of the keyserver) can override it. So the flag only
> applies to other people - the keyholder can choose to upload his key if
> he so desires.
>> Also, is it possible for either the manpage or the interactive help to
>> include the meaning of the various preferences that are not cipher
> Sure enough, it's not in the man page. I'll fix that.
I'd love to see an "editpref" which more interactively presented you with
options (and descriptions) you could toggle (but would still maintain
backwards compatibility with apps that used showpref or setpref)
>>> It's effectively a no-op though, as no server supports it.
>> I'm looking into making mods to at least one server type (we run one
>> locally at work), and commit them upstream. If I'm going to wade into
>> that muck, I might as well have multiple things to try to make work.
>> The change in the key file format is the "hard" part :)
> Having keyservers support no-modify requires that they first support crypto at all. That's a really big step.
The ones I've seen have enough awareness of what's in a key to pull a key
apart and determine who's signed it, when, and when it's expired. Is
there more than that to read these bits? Again: step zero may be to
determine what the internal format is.
However, you raise another question: How does a keyserver know who is
uploading the key?
(Note that this doesn't apply to my original question, since that was
simply a "keyservers should throw this away" flag, where a user might
choose to publish on his website, his .plan file, on his business cards,
in DNS, or via LDAP or S/MIME autodiscovery.)
"Hitler, Satan, those Hanson kids, anything. Just not the curious
-Peter Scolari, as Wayne Szalinki in "Honey, I Shrunk The Kids--The
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM