Re: [openpgp] Unuploadable Keys

Gregory Maxwell <gmaxwell@gmail.com> Sat, 25 July 2015 17:46 UTC

In-Reply-To: <87bnf3ck5n.fsf@vigenere.g10code.de>
References: <87a8uxlcvz.wl-neal@walfield.org> <87615dkygj.fsf@alice.fifthhorseman.net> <87bnf3ck5n.fsf@vigenere.g10code.de>
Date: Sat, 25 Jul 2015 17:46:54 +0000
Message-ID: <CAAS2fgRpXd7rEK-4nwP=gDwieum-x0wwR3peQAq7LEDTSnPpeg@mail.gmail.com>
From: Gregory Maxwell <gmaxwell@gmail.com>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, "Neal H. Walfield" <neal@walfield.org>, IETF OpenPGP <openpgp@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/W61Z5IMD25lDMzZa0jjTTlLeNbA>
Subject: Re: [openpgp] Unuploadable Keys

On Thu, Jul 23, 2015 at 9:12 AM, Werner Koch <wk@gnupg.org> wrote:
> On Tue, 21 Jul 2015 23:11, dkg@fifthhorseman.net said:
>
>> So the question is whether having this as an advisory mechanism (not a
>> perfect bulwark against adversarial publication) is worthwhile.  If it
>
> I would really like to see such a standard flag.  For whatever reasons
> some people do not like to have their keys on a keyserver and only make
> them available by other means.  Such a flag would also help with testing
> to avoid accidental uploads of a key.


A related flag, though sadly more complex to implement, would be
making it so the list of signatures on a key must be signed by a
selected subkey.

This would prevent an irritating attack where people create random and
sometimes harassing or offensive keyids and use them to sign your key
and upload the result to the keyservers-- which is one of the most
common reasons I've seen cited for people not wanting their keys on
keyservers.
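
A toy model of the mechanism proposed in this message, added here as an example and not part of the original e-mail or of any OpenPGP implementation: the key owner signs the list of certifications they accept with a designated subkey, and a keyserver or client drops any certification not covered by that signed list. A Lamport one-time hash signature stands in for the subkey signature so the code needs only the standard library; the function names and the byte-string "certifications" are constructed for illustration and are not OpenPGP packets.

```python
import hashlib
import os

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key pair: stand-in for the owner's designated subkey.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def _bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):  # one-time: a new list needs a new key in this model
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(msg)))

def attest(subkey_sk, certs):
    """Owner side: sign the sorted digests of the accepted certifications."""
    digests = sorted(H(c) for c in certs)
    return digests, sign(subkey_sk, b"".join(digests))

def filter_certs(subkey_pk, certs, attestation):
    """Keyserver/client side: keep only certifications the owner attested."""
    digests, sig = attestation
    if not verify(subkey_pk, b"".join(digests), sig):
        return []  # altered or unsigned list: show no third-party signatures
    approved = set(digests)
    return [c for c in certs if H(c) in approved]

def demo():
    sk, pk = keygen()
    wanted = [b"cert by alice on owner-key", b"cert by bob on owner-key"]
    spam = b"cert by <unwanted user id> on owner-key"  # constructed sample
    att = attest(sk, wanted)
    uploaded = wanted + [spam]  # what a third party pushes to the server
    shown = filter_certs(pk, uploaded, att)
    # Rewriting the list to include the spam invalidates the owner's signature.
    forged = (sorted(att[0] + [H(spam)]), att[1])
    return shown, filter_certs(pk, uploaded, forged)

if __name__ == "__main__":
    print(demo())
```
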