"No-Keyserver" (and other) flags on keys

Dan Mahoney, System Admin danm at prime.gushi.org
Mon Jun 28 01:50:36 CEST 2010


On Sun, 27 Jun 2010, David Shaw wrote:

> It's a flag that can be set on a key user ID, similar to cipher or 
> compression preferences.  Run "--edit-key" on a key, and enter 
> "showpref" or "pref".  You will probably see a mention of "Keyserver 
> no-modify" (or "no-ks-modify").  You can turn it on and off with 
> setpref, like any other preference: "ks-modify" allows keyserver 
> modifications, and "no-ks-modify" disallows them.
>
> Note that the definition of no-modify is that only the keyholder (or the 
> administrator of the keyserver) can override it.  So the flag only 
> applies to other people - the keyholder can choose to upload his key if 
> he so desires.
>
>> Also, is it possible for either the manpage or the interactive help to 
>> include the meaning of the various preferences that are not cipher 
>> types?
>
> Sure enough, it's not in the man page.  I'll fix that.

I'd love to see an "editpref" which more interactively presented you with 
options (and descriptions) you could toggle (but would still maintain 
backwards compatibility with apps that used showpref or setpref).

>>> It's effectively a no-op though, as no server supports it.
>>
>> I'm looking into making mods to at least one server type (we run one 
>> locally at work), and commit them upstream.  If I'm going to wade into 
>> that muck, I might as well have multiple things to try to make work.
>>
>> The change in the key file format is the "hard" part :)
>
> Having keyservers support no-modify requires that they first support crypto at all.  That's a really big step.

The ones I've seen have enough awareness of what's in a key to pull a key 
apart and determine who's signed it, when, and when it's expired.  Is 
there more than that to read these bits?  Again: step zero may be to 
determine what the internal format is.

However, you raise another question: How does a keyserver know who is 
uploading the key?

(Note that this doesn't apply to my original question, since that was 
simply a "keyservers should throw this away" flag, where a user might 
choose to publish on his website, his .plan file, on his business cards, 
in DNS, or via LDAP or S/MIME autodiscovery.)

-Dan

-- 

"Hitler, Satan, those Hanson kids, anything.  Just not the curious
anteater."

-Peter Scolari, as Wayne Szalinki in "Honey, I Shrunk The Kids--The
Series"


--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------
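Dan asks whether reading "these bits" needs more key-awareness than a keyserver already has. The added example below, which is not code from this thread or from GnuPG, shows how little it takes: the Keyserver Preferences subpacket (type 23, RFC 4880 section 5.2.3.17) lives in the hashed subpacket area of a key's self-signature, and the no-modify flag is simply the 0x80 bit of its first octet. The parser, the encoder used to build fixtures, and the sample subpacket areas are all constructed here for demonstration; real input would be the hashed area of a signature packet pulled from an uploaded key.

```python
"""Read the OpenPGP Keyserver Preferences subpacket and report the no-modify bit.

Added example, not code from the mailing-list thread or from GnuPG.
Layout follows RFC 4880 section 5.2.3 (subpacket length encoding, subpacket
type octet, types 11 / 23 / 27). All sample bytes below are constructed.
"""

KEYSERVER_PREFS = 23   # RFC 4880 5.2.3.17, "Key Server Preferences"
NO_MODIFY = 0x80       # bit in the first octet: only the key owner (or the
                       # keyserver admin) may modify the key on the server


def parse_subpacket_area(area: bytes):
    """Parse a hashed subpacket area: a 2-octet count followed by that many
    octets of subpackets. Returns a list of (type, critical, body) tuples."""
    if len(area) < 2:
        raise ValueError("subpacket area shorter than its 2-octet count")
    count = int.from_bytes(area[:2], "big")
    data = area[2:2 + count]
    if len(data) != count:
        raise ValueError("subpacket area truncated")

    found = []
    pos = 0
    while pos < len(data):
        first = data[pos]
        # Subpacket length encoding (RFC 4880 5.2.3.1); the length counts
        # the type octet plus the body.
        if first < 192:
            length, pos = first, pos + 1
        elif first < 255:
            if pos + 1 >= len(data):
                raise ValueError("truncated 2-octet subpacket length")
            length = ((first - 192) << 8) + data[pos + 1] + 192
            pos += 2
        else:
            if pos + 5 > len(data):
                raise ValueError("truncated 5-octet subpacket length")
            length = int.from_bytes(data[pos + 1:pos + 5], "big")
            pos += 5
        if length == 0 or pos + length > len(data):
            raise ValueError("subpacket length runs past the area")
        type_octet = data[pos]
        body = data[pos + 1:pos + length]
        # High bit of the type octet marks the subpacket as critical.
        found.append((type_octet & 0x7F, bool(type_octet & 0x80), body))
        pos += length
    return found


def keyserver_no_modify(area: bytes) -> bool:
    """True if the area carries a Keyserver Preferences subpacket with the
    no-modify bit set; False if the bit is clear or the subpacket is absent."""
    for sp_type, _critical, body in parse_subpacket_area(area):
        if sp_type == KEYSERVER_PREFS and body and body[0] & NO_MODIFY:
            return True
    return False


def encode_subpacket(sp_type: int, body: bytes) -> bytes:
    """Inverse of the length decoding above; used only to build fixtures."""
    length = len(body) + 1
    if length < 192:
        header = bytes([length])
    elif length < 8384:
        length -= 192
        header = bytes([(length >> 8) + 192, length & 0xFF])
    else:
        header = b"\xff" + length.to_bytes(4, "big")
    return header + bytes([sp_type]) + body


def build_area(subpackets) -> bytes:
    """Assemble a hashed subpacket area from (type, body) pairs."""
    data = b"".join(encode_subpacket(t, b) for t, b in subpackets)
    return len(data).to_bytes(2, "big") + data


# Constructed sample areas: preferred symmetric algorithms (11), keyserver
# preferences (23) and key flags (27), as a self-signature might carry them.
SAMPLE_NO_MODIFY = build_area([(11, bytes([9, 8, 7, 2])),
                               (KEYSERVER_PREFS, bytes([NO_MODIFY])),
                               (27, bytes([0x03]))])
SAMPLE_MODIFY_OK = build_area([(11, bytes([9, 8, 7, 2])),
                               (KEYSERVER_PREFS, bytes([0x00]))])
SAMPLE_NO_PREFS = build_area([(11, bytes([9, 8, 7, 2]))])

if __name__ == "__main__":
    for name, area in (("no-modify", SAMPLE_NO_MODIFY),
                       ("ks-modify", SAMPLE_MODIFY_OK),
                       ("absent", SAMPLE_NO_PREFS)):
        print(name, "->", keyserver_no_modify(area))
```

A keyserver honouring the flag would run this check over the self-signatures of a stored key before merging new material from a third party, which still leaves Dan's follow-up question open: deciding who is uploading needs an authenticated submission path, not just a parsed bit.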




More information about the Gnupg-users mailing list