sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] 0xd5920e937cc1e39b shows signatures with 0xca57ad7c cont

From: Robert J. Hansen
Subject: Re: [Sks-devel] 0xd5920e937cc1e39b shows signatures with 0xca57ad7c continuing?
Date: Mon, 04 Jun 2012 15:02:49 -0400
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20120428 Thunderbird/12.0.1 
On 6/4/12 5:55 AM, Gabor Kiss wrote:
>>> Actually it is not true that SKS does not modify certs.
>>
>> AFAIK, no one in this discussion ever claimed it does.
>
> I did not say that someone stated this. :-)

Then why did you say "It is not true that SKS does not modify certs"?
You're arguing against something that no one claimed and which no one
believes.  I don't understand the point of that.

> However I say: if one kind of modification is allowed
> then the other is also possible.

No.  Because if you drop signatures, you are losing information, and
several people have come out quite adamantly against SKS losing information.

> If somebody uploaded a key 10 years ago that had or has expired
> signatures but he don't touch it key server does not execute any arbitrary
> changes. It may drop invalid signatures under control of the end user.

(I'm assuming by "invalid signature" you mean "bad signature.")

No, it can't.  The only way to determine if a signature is bad is to do
a cryptographic operation, and SKS has no cryptographic code.

Expired signatures can still be meaningful, so they must not be dropped.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]