On Apr 28, 2009, at 10:31 AM, Daniel Kahn Gillmor wrote:
> I'm trying to understand the preferred key server subpacket [0] and how
> one might reasonably respect it in an implementation without causing
> potential for things that are the OpenPGP equivalent of "web bugs", but
> while still keeping it useful.
> While looking into this, it occurred to me that the RFC doesn't
> explicitly say that the Preferred Key Server subpacket must only reside
> on a self-signature. So, what would it mean if the Preferred Key Server
> subpacket was included in a third-party certification?
I would say it means "Here is how the person who issued that
certification wants you to get his key". The same thing applies if
the preferred keyserver packet was included on a regular data
signature (which GPG supports, by the way).
> For example, Alice has an OpenPGP key with her User ID "Alice". Bob meets
> Alice, checks fingerprints, and certifies her User ID with a signature
> type 0x10. But his signature contains a Preferred Key Server subpacket
> that points back to http://bob.example.org/alice
>
> Carol imports Alice's key, but wants to be sure that she has the latest
> updates, revocations, and so forth, so she asks her OpenPGP client
> (which defaults to using pool.sks-keyservers.net) to refresh from the
> keyservers. What should Carol's OpenPGP client do in this case?
Her choice, really. Bob has made a statement that he provides his key
at a particular address. It's up to Carol (or Carol's client) to
decide if she wants to respect that. She may have reasons (web bug
behavior) not to follow Bob's statement. If Bob doesn't put his key
on keyservers (good luck to Bob, there), then there may be no other
way to get the key other than following Bob's statement. Depending on
how Carol is calculating the validity of Alice's key, Carol may not
need Bob's key at all - after all Bob is just another signature on
Alice's key. Unless Carol is doing some sort of trust calculation,
and her trust path to Alice runs through Bob, Bob's signature is not
really relevant here.
> What about in the case where the Preferred Key Server subpacket is on
> Alice's self-sig? What about two different Preferred Key Server
> subpackets (one from Alice, one from Bob)?
If there is a preferred keyserver subpacket on Alice's self-sig, then
it was issued by Alice, and the recipient can either follow it or not,
as they like. I'm not sure I follow where Bob's subpacket comes in
here.
David
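The Alice/Bob/Carol scenario from the thread, as an added example that is not part of the original exchange and not GnuPG's code: a small Python parser that walks an exported OpenPGP key (RFC 4880 packet and subpacket layout), pulls the Preferred Key Server subpacket (type 24) from each signature's hashed area, records which key issued it, and applies the refresh policy David describes: a subpacket states only where its issuer wants their own key fetched from, so it is used for that key alone, and a third party's statement is followed only if Carol opts in, because following it can act as a web bug. Everything in the sample key is constructed: the RSA numbers are dummies, the signature MPIs are not verifiable, Bob's key ID and the hkps://keys.alice.example URL are made up, and the bob.example.org and pool.sks-keyservers.net addresses are the ones from the thread. Signatures are not verified here; a real client must verify the self-signature before trusting any subpacket on it.

```python
"""Find Preferred Key Server subpackets (RFC 4880 subpacket type 24) on an OpenPGP key's signatures
and decide which ones a refreshing client honours.  Added example; all key material is constructed."""
import hashlib, struct
TAG_SIGNATURE, TAG_PUBKEY, TAG_USERID = 2, 6, 13
SUB_CREATION, SUB_ISSUER, SUB_PREF_KEYSERVER = 2, 16, 24

def _length(buf, pos, two_octet_max):
    """1-, 2- or 5-octet length (RFC 4880 §4.2.2, §5.2.3.1); headers reserve 224..254 for partial bodies."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < two_octet_max:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    if first == 255:
        return int.from_bytes(buf[pos + 1:pos + 5], "big"), pos + 5
    raise ValueError("partial body lengths not supported")

def iter_packets(data):
    """Yield (tag, body) for new- and old-format packet headers."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        if hdr & 0xC0 == 0xC0:  # new format: tag in the low 6 bits
            tag = hdr & 0x3F
            length, pos = _length(data, pos + 1, 224)
        elif hdr & 0xC0 == 0x80 and hdr & 3 != 3:  # old format (GnuPG commonly writes signatures this way)
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            length, pos = int.from_bytes(data[pos + 1:pos + 1 + n], "big"), pos + 1 + n
        else:
            raise ValueError("bad or indeterminate-length packet header")
        yield tag, data[pos:pos + length]
        pos += length

def iter_subpackets(area):
    """Yield (type, body); a subpacket's length counts its type octet."""
    pos = 0
    while pos < len(area):
        length, pos = _length(area, pos, 255)
        yield area[pos] & 0x7F, area[pos + 1:pos + length]  # mask the critical bit
        pos += length

def key_id(pubkey_body):
    """v4 fingerprint = SHA-1(0x99, 2-octet length, key packet body); key ID = its low 64 bits."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(pubkey_body)) + pubkey_body).hexdigest()[-16:]

def parse_signature(body):
    """Type, issuer key ID and Preferred Key Server URL of one v4 signature packet."""
    assert body[0] == 4, "only v4 signatures handled"
    hlen = int.from_bytes(body[4:6], "big")
    hashed, pos = body[6:6 + hlen], 6 + hlen
    unhashed = body[pos + 2:pos + 2 + int.from_bytes(body[pos:pos + 2], "big")]
    sig = {"type": body[1], "issuer": None, "keyserver": None}
    for stype, val in iter_subpackets(hashed):
        if stype == SUB_ISSUER:
            sig["issuer"] = val.hex()
        elif stype == SUB_PREF_KEYSERVER:
            sig["keyserver"] = val.decode("utf-8")
    # The unhashed area is not signed: take an issuer ID from it (GnuPG puts it there), never a URL.
    if sig["issuer"] is None:
        sig["issuer"] = next((v.hex() for t, v in iter_subpackets(unhashed) if t == SUB_ISSUER), None)
    return sig

def collect_keyservers(key_data):
    """Every Preferred Key Server statement on the key, tagged with who made it."""
    primary, found = None, []
    for tag, body in iter_packets(key_data):
        if tag == TAG_PUBKEY and primary is None:
            primary = key_id(body)
        elif tag == TAG_SIGNATURE:
            sig = parse_signature(body)
            if sig["keyserver"]:
                found.append({"url": sig["keyserver"], "issuer": sig["issuer"],
                              "sig_type": sig["type"], "self_sig": sig["issuer"] == primary})
    return found

def choose_keyservers(found, target_key_id, honor_third_party=False, default="hkp://pool.sks-keyservers.net"):
    """URLs to query for target_key_id.  A subpacket says only where its *issuer* wants their own key
    fetched from, so it applies to that key alone; a third party's statement is skipped unless the
    user opts in, since following it can act as a web bug."""
    urls = [f["url"] for f in found if f["issuer"] == target_key_id and (f["self_sig"] or honor_third_party)]
    return urls or [default]

# Constructed sample: dummy RSA numbers, unverifiable signature MPIs, made-up key IDs and URLs.
def _packet(tag, body):
    return bytes([0xC0 | tag, len(body)]) + body  # new-format header, body < 192 octets
def _mpi(n):
    return struct.pack(">H", n.bit_length()) + n.to_bytes((n.bit_length() + 7) // 8, "big")
def _signature(sig_type, issuer_hex, keyserver):
    sub = lambda stype, body: bytes([len(body) + 1, stype]) + body
    hashed = (sub(SUB_CREATION, struct.pack(">I", 1240876800)) + sub(SUB_ISSUER, bytes.fromhex(issuer_hex))
              + sub(SUB_PREF_KEYSERVER, keyserver.encode()))
    body = bytes([4, sig_type, 1, 8]) + struct.pack(">H", len(hashed)) + hashed  # RSA, SHA-256
    return _packet(TAG_SIGNATURE, body + b"\x00\x00\xab\xcd" + _mpi(0x5151))
def build_sample_key():
    """Alice's key: her self-cert (0x13) names her own server, Bob's 0x10 cert names his."""
    alice = bytes([4]) + struct.pack(">I", 1240876800) + bytes([1]) + _mpi(0xC0FFEE1234567891) + _mpi(0x10001)
    return (_packet(TAG_PUBKEY, alice) + _packet(TAG_USERID, b"Alice <alice@example.org>")
            + _signature(0x13, key_id(alice), "hkps://keys.alice.example")
            + _signature(0x10, "0123456789abcdef", "http://bob.example.org/alice"))  # Bob's made-up ID
```

`collect_keyservers(build_sample_key())` reports Alice's URL as a self-sig statement and Bob's as a third-party one; `choose_keyservers` then sends a refresh of Alice's key to her server only, and a fetch of Bob's key to bob.example.org only when `honor_third_party=True`, otherwise to the default pool. The realistic run is the binary output of `gpg --export <keyid>`, which is why the old-format header branch exists. Two deliberate limits: partial-body lengths are rejected rather than parsed, and a keyserver URL found only in the unhashed subpacket area is ignored, since that area is not covered by the signature and anyone who handled the key could have added it.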