[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Blacklisting on UID?

From: Andrew Gallagher
Subject: Re: [Sks-devel] Blacklisting on UID?
Date: Wed, 29 Aug 2018 20:53:25 +0100

> On 29 Aug 2018, at 17:52, Thorsten Bro | openSUSE Heroes <address@hidden> 
> wrote:
> Are there any plans for blacklisting or filtering specific GPG UIDs by
> pattern in the sks server or database?

I think filtering out UIDs by bad-pattern is a fool’s errand. Anyone can put 
anything they want in the real name field of an email UID, encoded using almost 
any scheme that they like, and it would be indistinguishable from a legitimate 
use case. And I would be wary of filtering in by good-pattern, as this could 
prevent the development of new use cases (e.g. monkeysphere). 

If we are worried about arbitrary plain text in UIDs then the only safe thing 
to do is stop storing UIDs altogether. But it is far from clear that merely 
propagating a link is problematic enough to justify the wholesale abandonment 
of UIDs. 


reply via email to

[Prev in Thread] Current Thread [Next in Thread]