sks-devel

Re: [Sks-devel] SKS should not accept or replay non-exportable certifica


From: kwadronaut
Subject: Re: [Sks-devel] SKS should not accept or replay non-exportable certifications
Date: Sun, 15 Sep 2013 01:05:18 +0200

On 14/09/13 23:00, Robert J. Hansen wrote:
> On 9/14/2013 3:08 PM, Daniel Kahn Gillmor wrote:
>> Let me also be clearer about why i find this bug serious...
> 
> I am still not seeing why this bug is serious.  It still seems to be a
> case of mountains and molehills.

A bug is a bug. I've got a mountain in my backyard and a molehill. Guess
what my neighbor complains most about.

>> I have told numerous people that the keyserver network will not 
>> propagate local signatures.
> 
> This is true.  However, as Ray Lee once said, "every truth has a
> context."  Here the context is, "but if you try to prove how clever you
> are by creating corner-case certificates, you may wind up hoist in your
> own petard."

I don't know who Ray Lee is, and I do know that I never expected local
signatures to be propagated through the keyserver networks.[1]

>> If the keyserver network actively forwards these certifications,
>> then users of the keyserver network and local certifications stand a 
>> greater risk of global data leakage that they do not want.
> 
> Please show me real users who are having troubles dealing with this bug.
>  Not just you, because we've already established you're in love with
> weird corner cases.  If this is affecting real users then I would be all
> in favor of further discussion on this subject.  Without them, though,
> I'm inclined to say "enough already!"

Hello there, I'm a user who once in a while runs into such
correspondents. And I'm not alone, dkg states in another thread in a
different mailing list, about this same problem: "I know there are GnuPG
users who prefer to avoid having their keys on the public keyservers
entirely, and who are willing to accept the costs of doing manual key
distribution using non-exportable certifications." [2] Lastly I doubt
many people will a. know/notice b. be on this mailing list and c. feel
like exposing themselves.

Ciao,

kwadronaut

[1] I'd like to know who s/he is, care to mail me a pointer off-list?
[2] http://lists.gnupg.org/pipermail/gnupg-users/2013-September/047571.html


