no-ks-modify effect on signature uploads

Hauke Laging mailinglisten at hauke-laging.de
Fri Aug 13 03:13:01 CEST 2010


Am Mittwoch 11 August 2010 22:11:06 schrieb David Shaw:

> > When doing this with such a key then a warning should be issued. This
> > would have the additional positive effect of making users aware of the
> > privacy problem over time.
> 
> 99%+ of all keys created with GPG have the flag set (it's the default). 
>  This would mean that virtually every time a key was exported with GPG, the
>  exporter would get a warning along the lines of "hey, please don't upload
>  this to a keyserver".
> 
> At that point, it's just noise.

In my opinion that is a strange definition of noise.

If we agree that this is a useful default (the flag set) and that it would be 
great if the keyservers honoured it then the wished for future is that most 
people cannot upload signatures for keys which are not their own.

I would regard such gpg behaviour as a kind if information/education for this 
probable future (earlier or later). So people would start to change their view 
of the infrastructure and the way the use the toole before they are completely 
forced to do so (by the servers).


> I dislike illusion in security software.  Either a protection is strong or
>  it is not, and we should not pretend otherwise.

That is a valid argument but the combination of a feature and its 
documentation is not necessarily pretending of something. If the warning and 
documentation clearly state that this is a convenience feature and not a 
crypto level protection then it is not illusion if anyone gets that wrong. You 
are in big problems nearly at once of you use crypto software without having 
understood how all this stuff works. This would be just one more point, a 
rather harmless one. And you would be forced to ignore clear hints in order to 
make mistakes. That's nothing anyone has to (or even: can) be protected from.


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20100813/698644f5/attachment-0001.pgp>


More information about the Gnupg-users mailing list