Security of the gpg private keyring?

David Shaw dshaw at jabberwocky.com
Wed Mar 2 00:46:39 CET 2011


On Mar 1, 2011, at 6:29 PM, MFPA wrote:

> On Tuesday 1 March 2011 at 8:56:56 PM, in
> <mid:201103012156.57096 at thufir.ingo-kloecker.de>, Ingo Klöcker wrote:
> 
> 
>> Hmm. Why do the keyservers need to support it at all?
>> IMO the clients that want to upload a key should check
>> for this flag and warn the user if a key has this flag.
> 
> I think the warning would be a good idea because it should serve to
> reduce accidental uploading of keys (except by those who view such
> warnings as "noise" and just click through without really reading
> them).
> 
> Since the keyserver-no-modify flag is set by default in GnuPG and this
> warning would be triggered for a large percentage of keys, why bother
> checking for the flag? "Do you really want to publish this key to a
> keyserver?" could be asked every time the user told the client to
> upload any key, perhaps also displaying some info about the key and
> the server.

For that matter, you could just emit the warning for any key that you don't also have the secret part for.  That is, keys that have a higher chance of not being yours.

I would worry about the warning being invisible after a while though.

David
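
The check suggested in the message above (warn only when the key being uploaded has no secret part in the local keyring), as an added example that is not part of the original thread and not GnuPG code. It compares primary-key fingerprints parsed from the output of `gpg --list-keys --with-colons` and `gpg --list-secret-keys --with-colons`; the function names and both key listings are constructed for illustration, and the parser assumes `fpr` records are present in the listing.

```python
# Added illustration: key listings below are constructed, not real keys.
ALICE, ALICE_SUB, CAROL = "A" * 40, "B" * 40, "C" * 40

def _fpr(fingerprint):
    # In colon listings the fingerprint is field 10 of an "fpr" record.
    return "fpr" + ":" * 9 + fingerprint + ":"

# Constructed public keyring: Alice's own key plus Carol's imported key.
PUBLIC = "\n".join([
    "pub:u:4096:1:" + ALICE[-16:] + ":1298937600:::u:::scESC:",
    _fpr(ALICE),
    "uid:u::::1298937600::::Alice Example <alice@example.org>:",
    "sub:u:4096:1:" + ALICE_SUB[-16:] + ":1298937600::::::e:",
    _fpr(ALICE_SUB),
    "pub:f:2048:1:" + CAROL[-16:] + ":1298937600:::-:::scESC:",
    _fpr(CAROL),
])
# Constructed secret keyring: only Alice's key has a secret part.
SECRET = "\n".join([
    "sec:u:4096:1:" + ALICE[-16:] + ":1298937600:::u:::scESC:",
    _fpr(ALICE),
    "ssb:u:4096:1:" + ALICE_SUB[-16:] + ":1298937600::::::e:",
    _fpr(ALICE_SUB),
])

def primary_fingerprints(colon_listing):
    """Fingerprints of primary keys (not subkeys) in a --with-colons listing."""
    found, after_primary = set(), False
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sec"):
            after_primary = True
        elif fields[0] in ("sub", "ssb"):
            after_primary = False
        elif fields[0] == "fpr" and after_primary and len(fields) > 9:
            found.add(fields[9].upper())
            after_primary = False
    return found

def needs_upload_warning(fingerprint, public_listing, secret_listing):
    """True when the key to upload has no secret part locally (likely not yours)."""
    fpr = fingerprint.replace(" ", "").upper()
    if fpr not in primary_fingerprints(public_listing):
        raise KeyError("no primary key with fingerprint " + fpr)
    return fpr not in primary_fingerprints(secret_listing)

if __name__ == "__main__":
    for name, fpr in (("Alice", ALICE), ("Carol", CAROL)):
        print(name, "warn before upload:", needs_upload_warning(fpr, PUBLIC, SECRET))
```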



