Keyserver doesn't honour signature removal

2009-04-12 Thread Dominik George
== I think my last post went wild because the subscription process
wasn't completed yet ...

Hi list,

due to some issues, I have pretty many signatures on my key that I don't
want (or need) anymore. I can remove them locally, but when sending the
key to the keyserver afterwards, the changes are just ignored.

Is it even possible to remove signatures from a key and distribute this
change? Or am I doing something wrong?

Regards,
Nik





___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Keyserver doesn't honour signature removal

2009-04-12 Thread John W. Moore III

Dominik George wrote:

> Is it even possible to remove signatures from a key and distribute this
> change? Or am I doing something wrong?

What lands on the Keyservers stays on the Keyservers, forever.  :(

This is due to the sharing/gossip nature of most Keyservers.  There are
2 Keyservers I am aware of which do not share/gossip; Big Lumber & PGP
Global Directory.  Of these 2 _only_ BL prevents anyone but the
Key/Account Owner from 'changing' the listed Key.

Listing Your Key at www.biglumber.com will allow You to display Your Key
exactly as You desire it to appear and folks may be directed to retrieve
it from there via a Comment line or a signature tagline.  I am not aware
of the ability to specify the Big Lumber listing in a 'Preferred
Keyserver' flag.

IMO, the benefits of having One's Key available via auto-retrieval
outweigh the hassle of undesired Signatures and the 'baggage' of
old/revoked UID's.  YMMV

JOHN ;)
Timestamp: Sunday 12 Apr 2009, 08:00  --400 (Eastern Daylight Time)


Re: Keyserver doesn't honour signature removal

2009-04-12 Thread Dominik George
Hi John,

that is, I can add anything I want to my key, but never remove it? Not
even signatures?

I understand that I cannot remove keys, but I think any changes that
require my secret key would be ok :( ...

-nik

John W. Moore III schrieb:
> Dominik George wrote:
>
> > Is it even possible to remove signatures from a key and distribute this
> > change? Or am I doing something wrong?
>
> What lands on the Keyservers stays on the Keyservers, forever.  :(
>
> This is due to the sharing/gossip nature of most Keyservers.  There are
> 2 Keyservers I am aware of which do not share/gossip; Big Lumber & PGP
> Global Directory.  Of these 2 _only_ BL prevents anyone but the
> Key/Account Owner from 'changing' the listed Key.
>
> Listing Your Key at www.biglumber.com will allow You to display Your Key
> exactly as You desire it to appear and folks may be directed to retrieve
> it from there via a Comment line or a signature tagline.  I am not aware
> of the ability to specify the Big Lumber listing in a 'Preferred
> Keyserver' flag.
>
> IMO, the benefits of having One's Key available via auto-retrieval
> outweigh the hassle of undesired Signatures and the 'baggage' of
> old/revoked UID's.  YMMV
>
> JOHN ;)
> Timestamp: Sunday 12 Apr 2009, 08:00  --400 (Eastern Daylight Time)



Re: Keyserver doesn't honour signature removal

2009-04-12 Thread John W. Moore III

Dominik George wrote:

> that is, I can add anything I want to my key, but never remove it? Not
> even signatures?

This is Correct!  Upload a Key with signatures removed and as soon as
that Keyserver 'refreshes' during the next round of updating from all
other Keyservers it is linked to, the removed signatures are restored.
End of story!

> I understand that I cannot remove keys, but I think any changes that
> require my secret key would be ok :( ...

Err  How?  The only time Your passphrase is required is when You are
revoking a Signature You, yourself, made.  Your Secret Key isn't, or
shouldn't be, on the Keyservers.  Anybody can Sign Your Key and upload
it to the Keyservers whenever they desire.  Your Public Key is in the
public domain.  This is why some folks maintain a listing of their
clean, desired Key on Big Lumber or the PGP GD.  With Big Lumber only
You may access Your listed Key to make 'changes' and with PGP GD any
uploaded Key requires verification of each UID email address via a
Ping/Pong challenge before it is listed for dissemination.

JOHN 8-)
Timestamp: Sunday 12 Apr 2009, 12:25  --400 (Eastern Daylight Time)


Re: Keyserver doesn't honour signature removal

2009-04-12 Thread John Clizbe
Dominik George wrote:
> due to some issues, I have pretty many signatures on my key that I don't
> want (or need) anymore. I can remove them locally, but when sending the
> key to the keyserver afterwards, the changes are just ignored.

That is correct, by design keyservers are merge only. It prevents
attacks on the keys stored on keyservers such as removing revocations.

> Is it even possible to remove signatures from a key and distribute this
> change? Or am I doing something wrong?

You can remove any cruft you wish and distribute that key yourself. You
just can't use the keyserver networks to do it. Also anyone who
refreshes that key from a keyserver will pick up all the pieces you
decided needed deleting.

-- 
John P. Clizbe  Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
 mailto:pgp-public-k...@gingerbear.net?subject=help

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
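
The merge-only behaviour described in this thread, as an added Python sketch that is not part of any poster's message and is not keyserver code. The `Keyserver` class, the packet labels and the key ID are constructed for illustration; real servers merge OpenPGP packets, not strings.

```python
# Toy model of merge-only keyservers with gossip (constructed, not real SKS/OpenPGP code).

class Keyserver:
    """Stores, per key ID, the union of every packet it has ever received."""

    def __init__(self, name):
        self.name = name
        self.store = {}  # key id -> set of packet labels

    def submit(self, key_id, packets):
        # Merge only: unknown packets are added, nothing is ever deleted.
        self.store.setdefault(key_id, set()).update(packets)

    def fetch(self, key_id):
        return frozenset(self.store.get(key_id, ()))

    def sync_with(self, peer):
        # Gossip: both servers end up holding the union of their stores.
        for key_id in set(self.store) | set(peer.store):
            merged = self.fetch(key_id) | peer.fetch(key_id)
            self.submit(key_id, merged)
            peer.submit(key_id, merged)


def refresh(local_packets, server, key_id):
    # A client refresh merges too: the local copy gains whatever the server holds.
    return frozenset(local_packets) | server.fetch(key_id)


def demo():
    key_id = "0xEXAMPLE"  # constructed placeholder key ID
    full = {"pubkey", "uid:nik", "selfsig", "sig:alice", "sig:bob", "sig:carol"}
    a, b = Keyserver("a"), Keyserver("b")
    a.submit(key_id, full)
    a.sync_with(b)

    # The owner deletes two signatures locally and uploads the cleaned copy.
    cleaned = frozenset(full - {"sig:bob", "sig:carol"})
    a.submit(key_id, cleaned)
    after_upload = a.fetch(key_id)  # unchanged: the upload removed nothing

    # The same rule protects revocations: a copy lacking one cannot erase it.
    a.submit(key_id, cleaned | {"revocation"})
    a.submit(key_id, cleaned)
    a.sync_with(b)
    peer_view = b.fetch(key_id)

    # Anyone holding the cleaned copy who refreshes gets everything back.
    return cleaned, after_upload, peer_view, refresh(cleaned, b, key_id)
```
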


