sks-devel

Re: [Sks-devel] SKS should not accept or propagate User IDs with no self


From: John Clizbe
Subject: Re: [Sks-devel] SKS should not accept or propagate User IDs with no self-sigs [was: SKS should not accept or replay non-exportable certifications]
Date: Wed, 18 Sep 2013 07:15:53 -0500
User-agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0 SeaMonkey/2.21

Daniel Kahn Gillmor wrote:
> Hi John, all--
> 
> On 09/14/2013 09:46 PM, John Clizbe wrote:
> 
> clearly i think that such data should neither propagate on the
> keyservers nor be accepted or transmitted by the clients.  Both sides of
> the transaction should be actively filtering to minimize unwanted data
> leakage.

I think we're singin' outta the same hymnal now.

>> 
>> My compromise suggestion of trying to DTRT but with minimum harm is in the
>> case of 1, where signing key != signed key, strip the non-exportable sig
>> before we import into the key store.
>> 
>> In the case of 2, where signing key == signed key (lsign your own key) we have
>> a user either intentionally or accidentally shooting himself in the crypto
>> foot. We can a) hold our noses and accept the key, or b) reject the entire key
>> as malformed -- there is no way to honor the no-export sig flag and still have
>> a valid key.
>> 
>> Another possibility is that if there are earlier or later exportable
>> selfsig(s), just strip the errant selfsig with the no-export flag.
> 
> I favor (b), but getting that to happen would require SKS to actually
> reject OpenPGP User IDs which have no selfsigs.  This is not currently
> the case for sks 1.1.4.
> 
> I believe the attached patch (also pushed to
> https://bitbucket.org/dkgdkg/sks-keyserver/) implements this additional
> verification.  Again, my ocaml is in its infancy, so i would welcome any
> sanity checking, and any advice about what i could do better in the code.

Infancy? You jest LOL

> (there is one other fix published in my bitbucket hg repository which is
> a minor documentation cleanup).
> 
> Please let me know what you think about these two changes.

1) You're running the changed code on your server?

2) CHANGELOG

  - Properly filter local signatures which were not intended to be
    exportable

3) A quick perusal -- they look good

Dan, it's OK to reply off-list on this.

-- 
John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:address@hidden

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
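
The filtering options discussed in this thread, as an added example that is not part of the original message and is not the attached patch or SKS code: it reads the Exportable Certification subpacket (type 4, RFC 4880) from a signature's hashed subpacket area, strips non-exportable certifications, drops User IDs left without a self-sig, and rejects the key when no User ID remains. The function names, the in-memory key layout and the key IDs are assumptions made for illustration.

```python
# Added example: hypothetical helper names, constructed sample data.
# Issuer key IDs are taken as claimed; no signature is cryptographically verified.
EXPORTABLE_CERTIFICATION = 4  # signature subpacket type, RFC 4880 section 5.2.3.11

def subpackets(area: bytes):
    """Yield (type, body) for each subpacket in a v4 signature subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                          # one-octet length
            length, i = first, i + 1
        elif first < 255 and i + 1 < len(area):  # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                    # five-octet length, or truncated
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("malformed subpacket area")
        yield area[i] & 0x7F, area[i + 1:i + length]  # mask off the critical bit
        i += length

def is_exportable(hashed_area: bytes) -> bool:
    """A certification is exportable unless subpacket 4 is present and not 1."""
    for sp_type, body in subpackets(hashed_area):
        if sp_type == EXPORTABLE_CERTIFICATION:
            return body == b"\x01"
    return True  # subpacket absent: exportable by default

def filter_key(primary_keyid, uids):
    """uids: [(user_id, [(issuer_keyid, hashed_area), ...]), ...].
    Returns the filtered User IDs, or None when the key should be rejected."""
    kept = []
    for user_id, sigs in uids:
        sigs = [s for s in sigs if is_exportable(s[1])]          # strip local sigs
        if any(issuer == primary_keyid for issuer, _ in sigs):   # require a self-sig
            kept.append((user_id, sigs))
    return kept or None

# Constructed sample data (not taken from any real key).
PRIMARY, OTHER = "AAAAAAAAAAAAAAAA", "BBBBBBBBBBBBBBBB"
CREATED = bytes([5, 2, 0x52, 0x39, 0x9A, 0x00])  # type 2: creation time
LOCAL = CREATED + bytes([2, 4, 0])               # type 4 = 0: non-exportable
SAMPLE = [
    ("alice <alice@example.org>", [(PRIMARY, CREATED), (OTHER, LOCAL)]),  # case 1
    ("alice (lsigned only)", [(PRIMARY, LOCAL)]),                         # case 2
    ("alice (work)", [(PRIMARY, LOCAL), (PRIMARY, CREATED)]),  # later exportable selfsig
]

if __name__ == "__main__":
    for user_id, sigs in filter_key(PRIMARY, SAMPLE) or []:
        print(user_id, len(sigs))
```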

