[Sks-devel] Fwd [from schleuder dev team]: Signature-flooded keys: current situation and mitigation
Wiktor Kwapisiewicz
wiktor at metacode.biz
Fri Jul 19 12:34:13 CEST 2019
Hi Andrew,
On 18.07.2019 19:35, Andrew Gallagher wrote:
> A key owner can (preferably automatically) create a “self-identity” on her primary key consisting of a well-known string that contains no personal information. To avoid breaking legacy search-by-id systems this string should be unique to the primary key. I suggest using “fpr:00000000000000000000000000000000000”, where the zeros are replaced by the fingerprint of the key. The self-identity (and any revocations on it) can then be safely distributed by keystores that would otherwise refuse to distribute personal info.
Minor thing: I suggest using
"openpgp4fpr:00000000000000000000000000000000000" instead of "fpr".
That'd make the User ID a valid URI as "openpgp4fpr" is an assigned URI
Scheme, see:
https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml
Probably the cleanest solution (suggested by others) would be using
direct key signature (0x1F) [0] and avoid User IDs entirely. Your
suggestion Andrew has the benefit that it's immediately backwards
compatible with software "in the wild".
[0]: https://tools.ietf.org/html/rfc4880#section-5.2.1
Kind regards,
Wiktor
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190719/059b9ba5/attachment-0001.sig>
More information about the Gnupg-users
mailing list