protecting pub-keys from unwanted signatures
vedaal at nym.hush.com
Sun Aug 16 19:15:16 CEST 2015
On 8/16/2015 at 12:34 PM, "Stefan Claas" <admin at zwiebelfreund.de> wrote:
>Should GnuPG now be enhanced, or the key servers be updated,
>similar to the pgp.com one, in order to not allow such things
>in the future?
=====
It would be very helpful if such a protection against unwanted key signatures could be instituted.
Here is a possible suggestion on how it might be done:
[1] Have GnuPG require a 'cross-certification' of signatures, similar to the cross-certification of subkeys.
[2] Have GnuPG give a message upon importing a public key, that
"Signatures from keyids [...], [....], and [...] have not been cross-certified by their owner,
Clean these signatures, y / n ?"
(Alternatively, the default could be:
"These signatures will be removed. If you want to keep them, enter 'keep-sig' ",
and then each new sig would be displayed, and if the importer
wants the sig, the importer would need to enter 'keep-sig' for each sig individually.)
This would require the owners of the keys to do periodic checking of their keys and cross-certify the signatures they want.
It would also be a bit of work for the owners to cross-certify all the 'good' signatures they were happy to get.
Just a suggestion.
The implementers can best decide how much extra work this would require, and if there is a simpler, better way to accomplish the desired result.
vedaal
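
A minimal model of the import-time filtering suggested in the message above, added here as an illustration; it is not GnuPG code and not part of the original post. The `Certification` type, `filter_on_import`, the key IDs and the packet bytes are constructed for the example, and two things are assumptions: a cross-certified signature is identified by the SHA-256 of its packet, and all signatures have already been cryptographically verified by the caller.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Certification:
    issuer_keyid: str  # key ID that issued the signature
    packet: bytes      # constructed stand-in for the raw signature packet

    def digest(self) -> str:
        return hashlib.sha256(self.packet).hexdigest()


def filter_on_import(owner_keyid, certs, cross_certified, keep_sig=frozenset()):
    """Return (kept, dropped) for the certifications on an imported key.

    cross_certified: digests of signatures the owner approved. Assumption:
        the caller took them from an owner self-signature it already verified.
    keep_sig: digests the importer confirmed one by one with 'keep-sig'.
    """
    kept, dropped = [], []
    for cert in certs:
        d = cert.digest()
        if (cert.issuer_keyid == owner_keyid  # the owner's own self-signature
                or d in cross_certified       # approved by the owner
                or d in keep_sig):            # explicit importer override
            kept.append(cert)
        else:
            dropped.append(cert)              # default: removed on import
    return kept, dropped


def demo():
    # Constructed sample key: one self-signature and three third-party ones.
    owner = "OWNER001"
    self_sig = Certification(owner, b"self-signature")
    friend = Certification("FRIEND02", b"signature the owner wanted")
    unwanted = Certification("STRANGER", b"signature nobody asked for")
    # Same issuer as an approved signature, but a different packet: approval
    # is per signature, so this one is not covered by it.
    later = Certification("FRIEND02", b"second signature, never approved")
    certs = [self_sig, friend, unwanted, later]
    kept, dropped = filter_on_import(owner, certs, {friend.digest()})
    return [c.packet for c in kept], [c.issuer_keyid for c in dropped]


if __name__ == "__main__":
    print(demo())
```

Binding the owner's approval to the signature packet rather than to the issuer's key ID means a new signature from a previously approved signer still needs its own cross-certification.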