protecting pub-keys from unwanted signatures

Stefan Claas admin at zwiebelfreund.de
Sun Aug 16 19:41:33 CEST 2015


On Sun, Aug 16, 2015 at 06:04:38PM +0200, Einar Ryeng wrote:
> On Sun, Aug 16, 2015 at 04:26:16PM +0200, Stefan Claas wrote:
> > 
> > What i meaned whith my initial post was that it should in the
> > future not be possible to sign someones pub key directly, to
> > prevent unwanted signatures. Sure one can revoke his/her pub
> > key, but how often would you like to do that if a "prankster"
> > has lot's of energy?
> 
> What harm do your see in "fake" signatures? There is a possibility of someone
> making your key excessively large to download by adding tons of signatures to
> it. If that happens, the correct place to fix it is probably the keyserver
> code. Your "signed signatures" proposal would not inherently eliminate this
> problem; Alice would still need to make a signature on Bob's key and upload it
> to the server in order to allow Bob to download and sign the signature.
> 
> Is there any other problem arising from someone signing your key without
> "permission"?
> 
> If you only want this for decluttering purposes, you will probably achieve
> something similar by only looking at mutually signed keys. It won't be exactly
> same, because the keys then have signed each other directly rather than each
> other's signature packets, but depending on your problem it may do the job for
> you.
> 
> -- 
> Einar Ryeng

Hi,

what harm do i see with "fake" signatures or signatures without permission?

Well, i think everybody here or elsewere can imagine by themselves how
"happy" one would be to receive unwanted signatures, depending on the
content...

Regards
Stefan




More information about the Gnupg-users mailing list