protecting pub-keys from unwanted signatures

Schlacta, Christ aarcane at aarcane.org
Sun Aug 16 20:24:38 CEST 2015


I'll reiterate that there's really no such thing as unwanted signatures.
The more signatures on a key, the stronger the Web of Trust. End of story.
Please try to understand that no signature is inherently unwanted. Your
proposal, in any form, would weaken gpg on the whole by increasing the
already high burden on users to maintain their keys.

On Aug 16, 2015 10:16 AM, <vedaal at nym.hush.com> wrote:

> On 8/16/2015 at 12:34 PM, "Stefan Claas" <admin at zwiebelfreund.de> wrote:
>
> >Should GnuPG now be enhanced, or the Key Servers be updated,
> >similar to the pgp.com one, in order to not allow such things in
> >the future?
>
> =====
>
> It would be very helpful if such a protection against unwanted key
> signatures could be instituted.
> Here is a possible suggestion on how it might be done:
>
> [1] Have GnuPG require a 'cross-certification' of signatures, similar to
> the cross-certification of subkeys.
>
> [2] Have GnuPG give a message upon importing a public key, that
>
> "Signatures from keyid's [...], [....], and [...] have not been
> cross-certified by their owner,
> Clean these signatures, y / n ? "
>
> (Alternatively, the default could be:
> "These signatures will be removed. If you want to keep them, enter
> 'keep-sig' ",
>
> and then each new sig would be displayed, and if the importer
> wants the sig, the importer would need to enter 'keep-sig' for each sig
> individually.)
>
> This would require the owners of the keys to do periodic checking of their
> keys and cross-certify the signatures they want.
>
> It would also be a bit of work for the owners to cross-certify all the
> 'good' signatures they were happy to get.
>
>
> Just a suggestion.
>
> The implementers can best decide how much extra work this would require,
> and if there is a simpler, better way to accomplish the desired result.
>
>
> vedaal
>
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>