Re: [Sks-devel] Fwd [from schleuder dev team]: Signature-flooded keys: c

From: Wiktor Kwapisiewicz
Subject: Re: [Sks-devel] Fwd [from schleuder dev team]: Signature-flooded keys: current situation and mitigation
Date: Fri, 19 Jul 2019 12:34:13 +0200

Hi Andrew,

On 18.07.2019 19:35, Andrew Gallagher wrote:
> A key owner can (preferably automatically) create a “self-identity” on her
> primary key consisting of a well-known string that contains no personal
> information. To avoid breaking legacy search-by-id systems this string should
> be unique to the primary key. I suggest using
> “fpr:00000000000000000000000000000000000”, where the zeros are replaced by the
> fingerprint of the key. The self-identity (and any revocations on it) can then
> be safely distributed by keystores that would otherwise refuse to distribute
> personal info.

Minor thing: I suggest using "openpgp4fpr:00000000000000000000000000000000000" instead of "fpr". That'd make the User ID a valid URI as "openpgp4fpr" is an assigned URI Scheme, see:

Probably the cleanest solution (suggested by others) would be using a direct key signature (0x1F) [0] and avoiding User IDs entirely. Your suggestion, Andrew, has the benefit that it's immediately backwards compatible with software "in the wild".


Kind regards,
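
The following is an added example, not part of the original message or of any keyserver's code. It sketches the keystore-side check that the proposal implies: a User ID is treated as a distributable self-identity only if it is exactly `openpgp4fpr:` followed by the fingerprint of the primary key it is attached to. It assumes version 4 keys (40 hex digit SHA-1 fingerprints); the function names and the sample key packet body are constructed for illustration.

```python
import hashlib
import re

SCHEME = "openpgp4fpr:"  # URI scheme suggested in the message above


def v4_fingerprint(pubkey_body: bytes) -> str:
    """RFC 4880, section 12.2: SHA-1 over 0x99, a two-octet length and the
    public key packet body (version, creation time, algorithm, key material)."""
    if not pubkey_body or pubkey_body[0] != 4:
        raise ValueError("not a version 4 public key packet body")
    if len(pubkey_body) > 0xFFFF:
        raise ValueError("packet body too long for a two-octet length")
    prefix = b"\x99" + len(pubkey_body).to_bytes(2, "big")
    return hashlib.sha1(prefix + pubkey_body).hexdigest().upper()


def self_identity(pubkey_body: bytes) -> str:
    """Build the User ID string a key owner would add to her own key."""
    return SCHEME + v4_fingerprint(pubkey_body)


def is_distributable(user_id: str, pubkey_body: bytes) -> bool:
    """Hypothetical keystore policy: accept only the self-identity that is
    bound to this primary key. Anything else (names, e-mail addresses, or
    another key's fingerprint) is rejected as potential personal info."""
    if not user_id.startswith(SCHEME):  # strict match, assumed policy choice
        return False
    claimed = user_id[len(SCHEME):]
    if not re.fullmatch(r"[0-9A-Fa-f]{40}", claimed):
        return False
    return claimed.upper() == v4_fingerprint(pubkey_body)


# Constructed sample packet bodies (not real keys): version 4, creation
# time, algorithm octet, then dummy key material.
SAMPLE_KEY_BODY = b"\x04" + (1563532453).to_bytes(4, "big") + b"\x16" + b"\x01" * 35
OTHER_KEY_BODY = b"\x04" + (1563532453).to_bytes(4, "big") + b"\x16" + b"\x02" * 35

if __name__ == "__main__":
    uid = self_identity(SAMPLE_KEY_BODY)
    print(uid, is_distributable(uid, SAMPLE_KEY_BODY))
    print(is_distributable("Alice <alice@example.org>", SAMPLE_KEY_BODY))
```

Tying the string to the key's own fingerprint is what keeps it unique per primary key, so a self-identity copied from another key fails the check.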

