On Tue, 16 Jan 2018 22:56, kristian.fiskerstr...@sumptuouscapital.com said:
>> (c) rejected all third-party certifications -- so data attached to a
>> given primary key is only accepted when certified by that primary
>> key.
>>
>
> thanks for this post Daniel, my primary question would be what advantage
> is gained by this verification being done by an arbitrary third party

This can help to avoid DoS attacks.  I would love to see that to get my
key down to a reasonable size.

OpenPGP specifies Key Server Preferences (5.2.3.17) with just one flag:

   First octet: 0x80 = No-modify
       the key holder requests that this key only be modified or updated
       by the key holder or an administrator of the key server.

By default GnuPG sets this flag but unfortunately it has no effect
because it is not defined how the keyserver can check this condition.

A way to implement this without requiring an external protocol would be
an extension to OpenPGP to either allow an Embedded Signature (5.2.3.26)
in a key signature.  With ECC this would not increase the size of a key
signature too much.  It puts a burden on the keyservers to check this
signature during an upload, though.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
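An added example, not part of the original message and not GnuPG or keyserver code: a sketch of the upload-time check the message describes, parsing signature subpackets in the RFC 4880 wire format to read the No-modify flag and look for an Embedded Signature. The `upload_decision` policy and its return strings are hypothetical, the sample bytes are constructed, and cryptographic verification of the embedded signature is assumed to happen in a later step.

```python
import struct

KEY_SERVER_PREFS = 23    # Key Server Preferences subpacket (5.2.3.17)
EMBEDDED_SIGNATURE = 32  # Embedded Signature subpacket (5.2.3.26)
NO_MODIFY = 0x80         # first octet of the preferences body

def parse_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated two-octet length")
            length = ((first - 192) << 8) + area[i + 1] + 192
            i += 2
        else:                                # 0xFF plus four-octet length
            if i + 5 > len(area):
                raise ValueError("truncated five-octet length")
            length = struct.unpack(">I", area[i + 1:i + 5])[0]
            i += 5
        if length < 1 or i + length > len(area):
            raise ValueError("subpacket length out of bounds")
        type_octet = area[i]                 # bit 7 is the critical flag
        yield type_octet & 0x7F, bool(type_octet & 0x80), area[i + 1:i + length]
        i += length

def has_no_modify(selfsig_subpackets: bytes) -> bool:
    """True if the key holder's self-signature sets the No-modify flag."""
    for typ, _crit, body in parse_subpackets(selfsig_subpackets):
        if typ == KEY_SERVER_PREFS:
            return bool(body) and bool(body[0] & NO_MODIFY)
    return False

def upload_decision(selfsig_subpackets: bytes, cert_subpackets: bytes) -> str:
    """Hypothetical keyserver policy for one uploaded third-party certification."""
    if not has_no_modify(selfsig_subpackets):
        return "accept"
    for typ, _crit, body in parse_subpackets(cert_subpackets):
        if typ == EMBEDDED_SIGNATURE and body:
            return "verify-embedded-signature"  # signature check not shown
    return "reject"

def subpacket(typ: int, body: bytes) -> bytes:
    """Build a subpacket with a one-octet length (constructed test data)."""
    return bytes([len(body) + 1, typ]) + body

SELF_SIG = subpacket(2, b"\x5a\x5e\x7b\x00") + subpacket(23, b"\x80")  # constructed
```
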