Re: How to handle photoID on keyserver? (Re: photo support?)

"Michael Young" <mwy-opgp97@the-youngs.org> Tue, 02 July 2002 05:11 UTC

Received: from above.proper.com (mail.proper.com [208.184.76.45]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id BAA16934 for <openpgp-archive@odin.ietf.org>; Tue, 2 Jul 2002 01:11:32 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id g624xDp02577 for ietf-openpgp-bks; Mon, 1 Jul 2002 21:59:13 -0700 (PDT)
Received: from smtprelay7.dc2.adelphia.net (smtprelay7.dc2.adelphia.net [64.8.50.39]) by above.proper.com (8.11.6/8.11.3) with ESMTP id g624x1w02571 for <ietf-openpgp@imc.org>; Mon, 1 Jul 2002 21:59:11 -0700 (PDT)
Received: from mwyoung ([24.48.51.230]) by smtprelay7.dc2.adelphia.net (Netscape Messaging Server 4.15 smtprelay7 Dec 7 2001 09:58:59) with SMTP id GYLV6C01.R49 for <ietf-openpgp@imc.org>; Tue, 2 Jul 2002 00:59:00 -0400
Message-ID: <000f01c22185$20950800$c23fa8c0@transarc.ibm.com>
From: "Michael Young" <mwy-opgp97@the-youngs.org>
To: <ietf-openpgp@imc.org>
References: <200207020217.LAA29680@blue.h2np.net>
Subject: Re: How to handle photoID on keyserver? (Re: photo support?)
Date: Tue, 2 Jul 2002 00:58:35 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Subject: Re: How to handle photoID on keyserver?  (Re: photo support?) 

PGP doesn't use images anywhere near this size.  David Shaw
suggested that GnuPG will accept any size image, but even so,
I doubt that many people will attach such a large image
to their key.  [I might suggest that GnuPG refuse large
images by default, perhaps overridden with its "-expert" flag.]

I'd also guess that a 3% usage rate is very high.  The vast
majority of the keys on the public servers don't have any
signatures (other than self-).

>   Someone who is not owner of that public key can put public key
>   with PhotoID into public keyserver.  And everyone can get someone's
>   public key with PhotoID.

Yes, anyone can post a key claiming any identity.  This is
really nothing new.

If you're worried about people attaching bogus identities to
established keys, your keyserver could reject those without
self-signatures.  (Most of the keyservers do no verification
at all right now, so this would be a significant change.)

And yes, you could reject photoID packets (and any associated
signatures) if you think size is a problem.  (Even if you
reject them, I would encourage you to leave them in your
sync stream to other keyservers, as they may have a more
permissive policy.)

> I mean if dump key size is 15GB, HDD size is required 60GB at least.

I'm curious as to why this would be.  I can understand some
blowup because of indexing structures, but since you aren't
indexing the photoID packets anyway, I wouldn't expect the
same factor you have now.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBPSEy61MkvpTT8vCGEQIkYQCdEFBasKHCOGY8Avnh53CXDEbdLHcAn0Ff
LL+/kSzUo5R3jN1mXDBCcoco
=jAKp
-----END PGP SIGNATURE-----