sks-devel

Re: [Keyserver] Hockeypuck 2.1.0 released


From: Werner Koch
Subject: Re: [Keyserver] Hockeypuck 2.1.0 released
Date: Fri, 11 Dec 2020 11:23:19 +0100
User-agent: Gnus/5.13 (Gnus v5.13)

On Thu, 10 Dec 2020 11:07, Casey Marshall said:

>    - Authenticated key management. This adds a couple of extra endpoints
>    which allow a key owner to replace and delete their key, authenticated by
>    signing the armored key in the request. This allows a key owner to still
>    update their own key once it has been inflated beyond the key

Finally after more than 20 years waiting for someone to implement such a
feature.  Yeah.  Where can I find the specs?

Did you consider that an authenticated request to delete a key may not
actually remove the key from the keyserver?  Instead the primary key
should be kept and the server prepared to receive and merge even
unauthenticated revocation certificates.  This is important in case of a
lost key (or passphrase forgotten) so that a pre-created revocation
certificate can be uploaded.  Also avoids DoS after a key compromise.

> Blacklists and auth key management may also be of interest to keyserver

Still revocation certificates should get through.  At least the first
valid revocation certificate needs to be handled before the key can be
set into an eternal non-modifiable state.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
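
A toy model of the policy described in the message above, as an added example that is not part of the original message and is not Hockeypuck code. It assumes Ed25519 signatures from Go's standard library as a stand-in for OpenPGP signatures; `Record`, `revMsg`, `OwnerDelete`, `MergeRevocation` and `Demo` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Record is a constructed toy keyserver entry, not Hockeypuck's schema.
type Record struct {
	Primary ed25519.PublicKey // retained even after an owner delete
	UserIDs []string
	Revoked bool // set by the first valid revocation; record is then frozen
}

// revMsg is the constructed byte string a revocation signs in this model.
func revMsg(pk ed25519.PublicKey) []byte { return append([]byte("revoke:"), pk...) }

// OwnerDelete is the authenticated path: req must be signed by the primary
// key. It strips the user IDs but keeps the primary key on the server.
func (r *Record) OwnerDelete(req, sig []byte) bool {
	if r.Revoked || !ed25519.Verify(r.Primary, req, sig) {
		return false
	}
	r.UserIDs = nil
	return true
}

// MergeRevocation accepts an upload from anyone: only the certificate itself
// must verify against the retained primary key. The first one freezes the record.
func (r *Record) MergeRevocation(cert []byte) bool {
	if r.Revoked || !ed25519.Verify(r.Primary, revMsg(r.Primary), cert) {
		return false
	}
	r.Revoked = true
	return true
}

// Demo: owner delete, a forged revocation, the pre-created one, a late delete.
func Demo() (uids int, forged, revoked, late bool) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	pre := ed25519.Sign(priv, revMsg(pub)) // created while the key was still held
	r := &Record{Primary: pub, UserIDs: []string{"alice@example.org"}}
	req := []byte("delete") // constructed request body
	r.OwnerDelete(req, ed25519.Sign(priv, req))
	forged = r.MergeRevocation(make([]byte, ed25519.SignatureSize))
	revoked = r.MergeRevocation(pre)
	return len(r.UserIDs), forged, revoked, r.OwnerDelete(req, ed25519.Sign(priv, req))
}
func main() { fmt.Println(Demo()) }
```

Because the primary key survives the delete, the pre-created revocation still verifies afterwards, while the all-zero forged certificate is rejected and leaves the record unfrozen.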
