From: | Christoph Egger |
Subject: | Re: [Sks-devel] nokeyserver annotation |
Date: | Tue, 20 Dec 2016 19:25:57 +0100 |
User-agent: | Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/kfreebsd) |
Vincent Breitmoser <address@hidden> writes:

>> - to do this keyservers will have to actually do cryptography
>
> Are you sure? I don't think there's any attack scenario here: If any
> such signature exists, you can't upload the key.

You can strip that signature. If you only consider accidental uploads of the key that's no problem at all. If you want to *prevent* the key from being uploaded you'll have to require that *all* self-signatures contain the annotation and you have to (cryptographically) ensure the key contains valid self-signatures (so an intruder can't fake a key without the annotation).

I guess one could even have both (if willing to accept the crypto requirement on the keyserver) -- it'll be rejected if any such self-sig exists and also rejected if no other usable self-sig is present.

Christoph