ietf-openpgp

Re: openpgplint: encouraging best practices for OpenPGP keys today

2009-06-11 23:33:33
Thanks for the feedback, Daniel.

On 06/11/2009 10:52 PM, Daniel Franke wrote:
> Daniel Kahn Gillmor <dkg(_at_)fifthhorseman(_dot_)net> writes:
>
>> [selfsig-primary]
>>   The most recent self-sig over the User ID identified in [valid-uid]
>> should be marked as the primary User ID.
>
> This expectation doesn't make sense.  I have multiple IDs representing
> my personal and work addresses.  My primary address is my personal one,
> but I've had it longer than I've had my current, hence this ID is not
> the newest.

Right; this test checks for the most recent self-sig *over the given
uid*, not the self-sig over the most recent uid.  My intent with the
"most recent" terminology was to acknowledge this clause in RFC 4880 (in
section 5.2.3.3):

   An implementation that encounters multiple self-signatures on the
   same object may resolve the ambiguity in any way it sees fit, but it
   is RECOMMENDED that priority be given to the most recent self-
   signature.

I've probably phrased it poorly; suggestions for how to rephrase it?

>> [wot-published]
>>   The key and associated [valid-uid] and [subkey-encryption] (and their
>> most recent binding signatures) should be visible from keyservers in the
>> current Web of Trust (maybe this would be a network check against the
>> SKS pool?).
>
> Many people have no wish to have their key on public keyservers; there's
> even a flag you can set (no-ks-modify) to request that others not upload
> it.  Some people might only use PGP among a small, well-delineated group
> and exchange keys by sneakernet.  Also, from when I ran a keyserver a
> few years back, I'm fairly sure I remember seeing logs of it being
> perused by spammers.

True, there are many people who do not want their keys on public
keyservers.  Should this be represented as a different situation than the
normal case?  Or would it be OK to call this issue "pedantic", and include
the detail about why some folks might prefer to avoid it in the explanation?

From the perspective of being able to find a trust path to a third
party through mutual acquaintances, it seems advantageous to encourage
people to publish to the WoT.  But there are downsides, as you say, such
as spammers and social/transactional surveillance by third parties.

I should note that i'm a bit confused about the keyserver-no-modify
flag.  Recent versions of GPG seem to set it by default.  But the spec says:

  http://tools.ietf.org/html/rfc4880#section-5.2.3.17

       the key holder requests that this key only be modified or updated
       by the key holder or an administrator of the key server.

And yet, i can upload gpg-created keys to keyservers with no warnings
(whether or not i hold the secret key) and the keyservers accept them
anyway.

How is the keyserver supposed to tell who is making the upload?  Or are
clients expected to interpret this flag, and behave honorably with it?
Is gnupg behaving poorly?  Should i have to override something to force
such a key into the keyservers?

        --dkg
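As an added example, not code from this thread or from openpgplint itself, the following Python sketches the two checks being debated: it parses a signature subpacket area per RFC 4880 5.2.3.1, picks the most recent self-sig over one User ID (the 5.2.3.3 recommendation), and reports the Primary User ID flag and the Key Server Preferences no-modify bit (0x80) from that signature. The self-signatures and their timestamps are constructed sample data, and only the hashed subpacket area is modelled, not full signature packets.

```python
import struct

# Subpacket types and the flag from RFC 4880 5.2.3.4, 5.2.3.17 and 5.2.3.19
SIG_CREATION_TIME, KEY_SERVER_PREFS, PRIMARY_USER_ID = 2, 23, 25
KS_NO_MODIFY = 0x80  # first octet of Key Server Preferences

def parse_subpackets(area: bytes) -> dict:
    """Parse a signature subpacket area (RFC 4880 5.2.3.1) into {type: body}."""
    out, i = {}, 0
    while i < len(area):
        b0 = area[i]
        if b0 < 192:                         # one-octet length
            length, i = b0, i + 1
        elif b0 < 255:                       # two-octet length
            length, i = ((b0 - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # five-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        out[area[i]] = area[i + 1:i + length]  # length covers type octet + body
        i += length
    return out

def subpacket(stype: int, body: bytes) -> bytes:
    """Encode one short subpacket (constructed test data, bodies < 191 octets)."""
    return bytes([len(body) + 1, stype]) + body

def selfsig_area(created: int, primary: bool, no_modify: bool) -> bytes:
    """Build the hashed subpacket area of a constructed self-signature."""
    return (subpacket(SIG_CREATION_TIME, struct.pack(">I", created))
            + subpacket(PRIMARY_USER_ID, bytes([int(primary)]))
            + subpacket(KEY_SERVER_PREFS, bytes([KS_NO_MODIFY if no_modify else 0])))

def lint_uid(selfsig_areas: list) -> dict:
    """[selfsig-primary]: judge only the *most recent* self-sig over this one
    User ID, as RFC 4880 5.2.3.3 recommends, and report what it says."""
    parsed = [parse_subpackets(a) for a in selfsig_areas]
    newest = max(parsed, key=lambda p: struct.unpack(">I", p[SIG_CREATION_TIME])[0])
    ksp = newest.get(KEY_SERVER_PREFS, b"\x00")
    return {"primary": newest.get(PRIMARY_USER_ID, b"\x00")[0] == 1,
            "no_modify": bool(ksp[0] & KS_NO_MODIFY)}

# Constructed sample: the older self-sig over the personal uid marked it primary,
# but a later re-certification of the same uid dropped the flag, so the check fails.
PERSONAL_SELFSIGS = [selfsig_area(1100000000, True, True),
                     selfsig_area(1240000000, False, True)]
WORK_SELFSIGS = [selfsig_area(1230000000, True, False)]

if __name__ == "__main__":
    print("personal:", lint_uid(PERSONAL_SELFSIGS))  # primary False, no_modify True
    print("work:", lint_uid(WORK_SELFSIGS))          # primary True, no_modify False
```

Whether a keyserver honours the no-modify bit is a separate question from whether a client sets it; this code only reads what the key itself asserts.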
