Re: [openpgp] Unuploadable Keys
Werner Koch <wk@gnupg.org> Thu, 23 July 2015 09:15 UTC
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3894D1A010D for <openpgp@ietfa.amsl.com>; Thu, 23 Jul 2015 02:15:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y3KUaHajnPxk for <openpgp@ietfa.amsl.com>; Thu, 23 Jul 2015 02:15:23 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4CB651A1B5D for <openpgp@ietf.org>; Thu, 23 Jul 2015 02:15:23 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1ZICb3-0004UL-5p for <openpgp@ietf.org>; Thu, 23 Jul 2015 11:15:21 +0200
Received: from wk by vigenere.g10code.de with local (Exim 4.84 #3 (Debian)) id 1ZICY8-0001KA-Dm; Thu, 23 Jul 2015 11:12:20 +0200
From: Werner Koch <wk@gnupg.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
References: <87a8uxlcvz.wl-neal@walfield.org> <87615dkygj.fsf@alice.fifthhorseman.net>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=F2AD85AC1E42B367; url=finger:wk@g10code.com
Mail-Followup-To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, "Neal H. Walfield" <neal@walfield.org>, IETF OpenPGP <openpgp@ietf.org>
Date: Thu, 23 Jul 2015 11:12:20 +0200
In-Reply-To: <87615dkygj.fsf@alice.fifthhorseman.net> (Daniel Kahn Gillmor's message of "Tue, 21 Jul 2015 23:11:40 +0200")
Message-ID: <87bnf3ck5n.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/Q5kB2FWPVkcRYt60EqVPjPxRn48>
Cc: IETF OpenPGP <openpgp@ietf.org>, "Neal H. Walfield" <neal@walfield.org>
Subject: Re: [openpgp] Unuploadable Keys
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jul 2015 09:15:25 -0000
On Tue, 21 Jul 2015 23:11, dkg@fifthhorseman.net said: > So the question is whether having this as an advisory mechanism (not a > perfect bulwark against adversarial publication) is worthwhile. If it I would really like to see such a standard flag. For whatever reasons some people do not like to have there keys on a keyserver and only make them available by other means. Such a flag would also help with testing to avoid accidental uploads of a key. This can be implemented with a new flag value for the key server preferences. The only defined 0x80 flag is not really useful because there is no definition on now a keyserver can check that an update request comes from the key holder. A new 0x40 = Do not send or refresh from a keyserver could be used for this. Of course it is still possible to export (e.g. "gpg --export") them and send them to a keyserver with other tools but it makes administyration (e.g. "gpg --refresh-keys") easier. An additional flag 0x20 = Do not use any public service to send or refresh this key could be used in the same way for DNS or other network based lookups. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
- [openpgp] Unuploadable Keys Neal H. Walfield
- Re: [openpgp] Unuploadable Keys Daniel Kahn Gillmor
- Re: [openpgp] Unuploadable Keys Werner Koch
- Re: [openpgp] Unuploadable Keys Neal H. Walfield
- Re: [openpgp] Unuploadable Keys Gregory Maxwell
- Re: [openpgp] Unuploadable Keys Vincent Breitmoser
- Re: [openpgp] Unuploadable Keys Daniel Kahn Gillmor