On Tue, 21 Jul 2015 23:11, dkg(_at_)fifthhorseman(_dot_)net said:
> So the question is whether having this as an advisory mechanism (not a
> perfect bulwark against adversarial publication) is worthwhile. If it

I would really like to see such a standard flag. For whatever reasons
some people do not like to have their keys on a keyserver and only make
them available by other means. Such a flag would also help with testing
to avoid accidental uploads of a key.
This can be implemented with a new flag value for the key server
preferences. The only defined 0x80 flag is not really useful because
there is no definition on how a keyserver can check that an update
request comes from the key holder. A new

  0x40 = Do not send or refresh from a keyserver

could be used for this. Of course it is still possible to export
(e.g. "gpg --export") them and send them to a keyserver with other tools
but it makes administration (e.g. "gpg --refresh-keys") easier.
An additional flag

  0x20 = Do not use any public service to send or refresh this key

could be used in the same way for DNS or other network based lookups.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
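
Added example, not part of the original message and not GnuPG code: a sketch of how a client could read the key server preferences subpacket and honour the two flag values proposed above before sending or refreshing a key. It assumes the caller passes the hashed subpacket area of an already verified self-signature (unhashed subpackets are not covered by the signature); the function names, the policy keys and the sample bytes are constructed for illustration.

```python
# Added illustration. 0x80 (No-modify) is defined in RFC 4880, section 5.2.3.17;
# 0x40 and 0x20 are only the values proposed in the message, not assigned flags.
KEYSERVER_PREFS = 23        # subpacket type: Key Server Preferences
NO_MODIFY = 0x80
NO_KEYSERVER = 0x40         # proposed: do not send or refresh from a keyserver
NO_PUBLIC_SERVICE = 0x20    # proposed: no public service for send or refresh


def iter_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        hdr = 1 if first < 192 else 2 if first < 255 else 5
        if i + hdr > len(area):
            raise ValueError("truncated subpacket length")
        if hdr == 1:
            length = first
        elif hdr == 2:
            length = ((first - 192) << 8) + area[i + 1] + 192
        else:
            length = int.from_bytes(area[i + 1:i + 5], "big")
        i += hdr
        if length == 0 or i + length > len(area):
            raise ValueError("malformed or truncated subpacket")
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length


def network_policy(hashed_area: bytes) -> dict:
    """Map the key server preference flags to what a client may do."""
    flags = 0
    for typ, _critical, body in iter_subpackets(hashed_area):
        if typ == KEYSERVER_PREFS and body:
            flags = body[0]             # the flags are in the first octet
    # This example's reading: a keyserver is itself a public service,
    # so 0x20 blocks keyserver traffic as well as DNS-style lookups.
    return {
        "no_modify": bool(flags & NO_MODIFY),
        "keyserver": not flags & (NO_KEYSERVER | NO_PUBLIC_SERVICE),
        "other_lookup": not flags & NO_PUBLIC_SERVICE,
    }


# Constructed sample: creation-time subpacket, then preferences with 0x80|0x40.
SAMPLE = bytes.fromhex("050255aec000" "0217c0")
```

A client following this sketch would skip the key during a refresh run when "keyserver" is false; as the message notes, the flag is advisory and does not stop an export by other tools.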