Re: [Sks-devel] 0xd5920e937cc1e39b shows signatures with 0xca57ad7c continuing?

[Kristian Fiskerstrand]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2012-05-26 07:58, Gabor Kiss wrote:
>> Is there really a need to carry around every expired signature
>> forever from a robo-signer?
> 
>> Should/could some of the expired signatures be actively filtered
>> (and archived) instead of being carried in SKS key servers
>> forever? Yes a policy change like this would be controversial and
>> difficult to deploy.
> 
> I agree.
> 

I too, agree, that this is something that should be considered.

GnuPG is already doing its own cleaning up of the code for similar
reasons, something which was discussed back in April 2011 as well[0]
(and reminded me about [1], I had nearly forgotten about that) :)

But as you say Jeff, we'd need to set up a proper policy for it, if we
do. Are there other signatures that can be considered robosigners that
should be incorporated, or is PGP Corp's the most used and as such the
only one that deserve a discussion?

And also, where should it be cleaned up? In order for it to be any
effect, it'd probably have to be done in the "sks cleandb" command,
and add a filter for existing keys. In addition then, the filter
should be used for incoming keys, which would result in a change of
the compatible gossip version of SKS (if I'm not mistaken the gossip
protocol require the same filters to be applied; reconCS.ml around
line 61)

So is the cost of disk space worth breaking the backwards compatibility?

[0] http://www.mail-archive.com/address@hidden/msg01820.html
[1]
http://www.kfwebs.net/articles/article/17/GPG-mass-cleaning-and-the-PGP-Corp.-Global-Directory


- -- 
- ----------------------------
Kristian Fiskerstrand
http://www.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Corruptissima re publica plurimæ leges
The greater the degeneration of the republic, the more of its laws
- ----------------------------
This email was digitally signed using the OpenPGP
standard. If you want to read more about this
The book: Sending Emails - The Safe Way: An
introduction to OpenPGP security is now
available in both Amazon Kindle and Paperback
format at
http://www.amazon.com/dp/B006RSG1S4/
- ----------------------------
Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJPwfKGAAoJEBbgz41rC5UIzkAP/AzCixqYHupyrYZsYQHjYIBk
wDPRIC60qLqn1suiKZrWQc9TpVrMHdyn6dvJXNE38wC3rIR7yjEOUG/cysecNKOd
ngZcs4a9wah3pQNK8yLYzpBOHdZdz+1AWjUmNIMnAnuVzpf9VPVNKG9ctSqobpLL
sB5zThGXrTFsUS1ADuICQo8B7S8ZlnV210yCsGplWNCcJ5bSwXV9MpJT8WPSOPuK
C9EdML2nrB7Jw4AvPolqs/E+4smTurdr+YEVjM+vlp7jcGxi0MQeCiBGHQbbYs3x
WflUHgUS9XT8a/LdulZ1FP+fJLPHIZlstuqtWRFT8Q4chqi7QRpPMGduUZSja/oQ
NniQ93Bb7ozoVx0tH7IMO8KmmmxgtWHIedMZix55+m+ERDnndTS8kspE3RDWlKWh
jQnZ0oQ7Jc4j16sRmJI1HJfmaaYKiPKrOaQgix6YIhhQDk5EpWsADuLjFcVJLQG9
FzVb/8zTU4QezkZxSSRzoRDB+YZTMgVOkxJg7JkbSMSxs4zScqnzhSwno4Y5f/Aq
72M8SpGWBG3ihdp5ThJKdleiJCrEBZZeg+tGjLLU9o0od+is+D4kr8HoD+RLzWdV
BUxnQT6g8QyxygrThYZE25UT+2is/fgUkyjwils8vpbTkRv9UMep2zYQPKgETnv8
YQlOuLMsuxpjtE/L57TN
=UAl1
-----END PGP SIGNATURE-----