protecting pub-keys from unwanted signatures

Einar Ryeng einarr at pvv.org
Sun Aug 16 18:04:38 CEST 2015


On Sun, Aug 16, 2015 at 04:26:16PM +0200, Stefan Claas wrote:
> 
> What I meant with my initial post was that it should in the
> future not be possible to sign someone's pub key directly, to
> prevent unwanted signatures. Sure one can revoke his/her pub
> key, but how often would you like to do that if a "prankster"
> has lots of energy?

What harm do you see in "fake" signatures? There is a possibility of someone
making your key excessively large to download by adding tons of signatures to
it. If that happens, the correct place to fix it is probably the keyserver
code. Your "signed signatures" proposal would not inherently eliminate this
problem; Alice would still need to make a signature on Bob's key and upload it
to the server in order to allow Bob to download and sign the signature.

Is there any other problem arising from someone signing your key without
"permission"?

If you only want this for decluttering purposes, you will probably achieve
something similar by only looking at mutually signed keys. It won't be exactly
the same, because the keys then have signed each other directly rather than each
other's signature packets, but depending on your problem it may do the job for
you.

-- 
Einar Ryeng
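
The "only look at mutually signed keys" filter suggested in the message above, as an added example that is not part of the original post. It assumes the key listing comes from `gpg --list-sigs --with-colons` (field 1 is the record type, field 5 the key ID); the sample listing, key IDs and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the layout of `gpg --list-sigs --with-colons`.
# Bob (AAAA...) and Alice (BBBB...) signed each other; the third key
# (CCCC...) signed Bob's key, but Bob never signed it back.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1400000000:::u:::scESC:
uid:u::::1400000000::::Bob <bob@example.org>:
sig:::1:AAAAAAAAAAAAAAAA:1400000000::::Bob <bob@example.org>:13x:
sig:::1:BBBBBBBBBBBBBBBB:1410000000::::Alice <alice@example.org>:10x:
sig:::1:CCCCCCCCCCCCCCCC:1420000000::::Prankster <p@example.net>:10x:
pub:f:4096:1:BBBBBBBBBBBBBBBB:1390000000:::f:::scESC:
uid:f::::1390000000::::Alice <alice@example.org>:
sig:::1:BBBBBBBBBBBBBBBB:1390000000::::Alice <alice@example.org>:13x:
sig:::1:AAAAAAAAAAAAAAAA:1410000500::::Bob <bob@example.org>:10x:
pub:-:4096:1:CCCCCCCCCCCCCCCC:1419000000:::-:::scESC:
uid:-::::1419000000::::Prankster <p@example.net>:
sig:::1:CCCCCCCCCCCCCCCC:1419000000::::Prankster <p@example.net>:13x:
"""


def signers_by_key(colon_listing):
    """Map each primary key ID to the set of *other* key IDs that signed it."""
    signers = defaultdict(set)
    current = None
    for line in colon_listing.splitlines():
        f = line.split(":")
        if len(f) < 5:
            continue
        if f[0] == "pub":
            current = f[4]
            signers[current]  # register the key even without third-party sigs
        elif f[0] == "sig" and current and f[4] != current:
            signers[current].add(f[4])  # skip self-signatures
    return signers


def split_signers(colon_listing, key_id):
    """Return (mutual, one_way) signer sets for key_id.

    mutual  : keys that signed key_id and that key_id signed in return
    one_way : keys that signed key_id without a signature back
    Note: a plain listing does not verify the signatures cryptographically.
    """
    signers = signers_by_key(colon_listing)
    on_key = signers.get(key_id, set())
    mutual = {s for s in on_key if key_id in signers.get(s, ())}
    return mutual, on_key - mutual
```
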



