no-ks-modify effect on signature uploads
David Shaw
dshaw at jabberwocky.com
Wed Aug 11 16:11:24 CEST 2010
On Aug 11, 2010, at 7:33 AM, Hauke Laging wrote:
> Hello,
>
> a few weeks ago we had a discussion about the no-ks-modify flag (being not
> reliably supported by the keyservers yet).
>
> It certainly makes a difference whether you can accidentally ignore this flag
> or have to ignore it intentionally. This raises the question (I admit I was
> too lazy to test that myself) whether gpg ignores this flag. Does gpg upload
> signatures for other people's key which have this flag? The keyservers don't
> do crypto checks but gpg could, of course. IMHO it would make sense for gpg to
> reject uploads in these cases.
I actually considered this once, but in the end, it would be confusing to have a key be uploadable with PGP but not GPG. Also, it could be defeated trivially by just exporting a key to a text file (always legal), and then uploading it to the keyservers using the web. It would have been an illusion of actual functionality.
David
More information about the Gnupg-users
mailing list