> On Aug 14, 2019, at 6:32 PM, MFPA via Gnupg-users <gnupg-users@gnupg.org> > wrote:
> On Wednesday 14 August 2019 at 10:39:56 AM, in > <mid:33b6296c-8619-dab1-d83d-d67b9d5cb...@tana.it>, Alessandro Vesely > via Gnupg-users wrote:- > >> I'm no expert, but it seems to me that 3rd party >> signatures should not >> be allowed. > > Perhaps a "keyserver no-third-party-signatures" option would resolve > this. Unlike "keyserver no-modify", honouring it would not require a > keyserver to undertake any cryptographic checking. No, then the “attack” just changes to making the issuing keyid = the keyid being attacked, so everything looks like a selfsig... But at least then we will want to add cryptography to see which selfsigs are truly legitimate, right? Sent from my iPad _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
