Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)
David Shaw wrote: On Sun, Sep 11, 2005 at 09:27:54PM +0200, Johan Wevers wrote: David Shaw wrote: I have sympathy for that argument, so wouldn't it be good to trace down where the sigs are entering the keyserver net, and ask whoever is doing it to stop? It seems like the obvious first step. Assuming this is possible at all. I don't know exctly what keyservers log, but I'd assume that making the links GD sig upload - IP address - email address is not trivial. It wasn't an idle suggestion. You can assume that I do, in fact, know that this is possible, or I wouldn't have suggested it. Why on earth an email address is relevant here I have no idea. You don't need anything more than the IP address. I made the suggestion as a challenge. The trace is not actually going to happen, as it is far, far more entertaining to complain and moan about the GD than it would be to see who is bridging the signatures. It has been suggested that automatically retrieving keys from keyservers can expose your IP to the keyserver manager, as all they have to do is generate a new key, send it to you, and wait until someone downloads that key... It seems likely that sigs from the GD are entering via one of two ways: firstly, individuals putting their keys on the global directory, and then sending their keys with GD sigs out to SKS keyservers; secondly, someone doing a 2-way synchronisation of their entire keyring with both the GD and the SKS network. -- Alphax | /\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 |X Against HTML email vCards http://tinyurl.com/cc9up| / \ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs) / Feature Request
cdr wrote: MUS1876 wrote: Alphax wrote: I have friends who currently don't want to use PGP because they fear that their keys will be uploaded to a keyserver, and then they will be spammed forever more. I totally agree what friends of Alphax say. Wouldn't it be cute to have a sepcial option to flag both keys and subkeys as non exportable (uploadable) to keyservers? Speaking of myself at current, I also don't want to see any of my keys posted to a keyserver by someone else, be it on intention or not. The time is ripe for a GPG variant: (GPG-lean ?): a public key encryption utility with no built-in e-mail ties and no attempt whatsoever to incorporate the solution for the authentication problem. (For the majority of us, fingerprint-exchange-by-voice is more perfectly adequate). Ciphersaber? -- Alphax | /\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 |X Against HTML email vCards http://tinyurl.com/cc9up| / \ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs) / Feature Request
Alphax wrote: The time is ripe for a GPG variant: (GPG-lean ?): a public key encryption utility with no built-in e-mail ties and no attempt whatsoever to incorporate the solution for the authentication problem. (For the majority of us, fingerprint-exchange-by-voice is perfectly adequate). Ciphersaber? ...public key...! (Hybrid actually, but that is understood). (There is no shortage of excellent symmetric encryptors, easier to use and based on stronger ciphers. Ciphersaber is an RC4 based, specifically designed to satisfy a somewhat dubious notion of let's-all-make-our-own-crypto-software). cdr ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)
David Shaw wrote: Known by *you*. I rather think the GD is a good signer, for what it is. I think both of you need to make a difference between a bad signer that signs keys without doing sufficient checking, and a signer that spams signatures in quantities that could become a DOS attack. The GD falls in the second category, not in the first. -- ir. J.C.A. Wevers // Physics and science fiction site: [EMAIL PROTECTED] // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)
David Shaw wrote: I have sympathy for that argument, so wouldn't it be good to trace down where the sigs are entering the keyserver net, and ask whoever is doing it to stop? It seems like the obvious first step. Assuming this is possible at all. I don't know exctly what keyservers log, but I'd assume that making the links GD sig upload - IP address - email address is not trivial. -- ir. J.C.A. Wevers // Physics and science fiction site: [EMAIL PROTECTED] // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)
On Sun, Sep 11, 2005 at 09:27:54PM +0200, Johan Wevers wrote: David Shaw wrote: I have sympathy for that argument, so wouldn't it be good to trace down where the sigs are entering the keyserver net, and ask whoever is doing it to stop? It seems like the obvious first step. Assuming this is possible at all. I don't know exctly what keyservers log, but I'd assume that making the links GD sig upload - IP address - email address is not trivial. It wasn't an idle suggestion. You can assume that I do, in fact, know that this is possible, or I wouldn't have suggested it. Why on earth an email address is relevant here I have no idea. You don't need anything more than the IP address. I made the suggestion as a challenge. The trace is not actually going to happen, as it is far, far more entertaining to complain and moan about the GD than it would be to see who is bridging the signatures. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs) / Feature Request
I have friends who currently don't want to use PGP because they fear that their keys will be uploaded to a keyserver, and then they will be spammed forever more. Hi, I totally agree what friends of Alphax say. Wouldn't it be cute to have a sepcial option to flag both keys and subkeys as non exportable (uploadable) to keyservers? Speaking of myself at current, I also don't want to see any of my keys posted to a keyserver by someone else, be it on intention or not. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs) / Feature Request
On Sat, Sep 10, 2005 at 05:34:53PM +0200, MUS1876 wrote: I have friends who currently don't want to use PGP because they fear that their keys will be uploaded to a keyserver, and then they will be spammed forever more. Hi, I totally agree what friends of Alphax say. Wouldn't it be cute to have a sepcial option to flag both keys and subkeys as non exportable (uploadable) to keyservers? Speaking of myself at current, I also don't want to see any of my keys posted to a keyserver by someone else, be it on intention or not. There is such a flag, and GnuPG even sets it by default (type showpref in the --edit-key menu and you'll see keyserver no-modify). Unfortunately, the keyservers don't honor the flag... David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs) / Feature Request
I have friends who currently don't want to use PGP because they fear that their keys will be uploaded to a keyserver, and then they will be spammed forever more. Hi, I totally agree what friends of Alphax say. Wouldn't it be cute to have a sepcial option to flag both keys and subkeys as non exportable (uploadable) to keyservers? Speaking of myself at current, I also don't want to see any of my keys posted to a keyserver by someone else, be it on intention or not. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)
David Shaw wrote: I'd be all in favor of an option where users could elect to filter out keys: that would put the user in control. Forcing your decision on others by stripping signatures is a very disturbing step. Considering the behaviour of the GD, I'd say it's also a practical issue about resources: if it keeps signing keys like this, an SKS server might well be in need of seriously more hardware than it is now. Someone's got to pay for that, amd I don't think all keyserver maintainers want to. -- ir. J.C.A. Wevers // Physics and science fiction site: [EMAIL PROTECTED] // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)
Alphax wrote: Carrying out a full cleaning of keys stored on keyservers would seriously damage the WoT. Too bad. However, if you just strip the GD signature off the damage won't be too large. Removing duplicated signatures however would probably have little impact, assuming you are removing only the newest ones Don't you mean keeping the newst ones? I have friends who currently don't want to use PGP because they fear that their keys will be uploaded to a keyserver, and then they will be spammed forever more. They don't HAVE to add their email address to their key. I've seen several keys with only a name in it. After all, pgp/gpg is also usable without email. You can also use it to distribute encrypted files by carrying them on a floppy/CD/memory stick/whatever. -- ir. J.C.A. Wevers // Physics and science fiction site: [EMAIL PROTECTED] // http://www.xs4all.nl/~johanw/index.html PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)
On Fri, Sep 09, 2005 at 07:38:31PM +0930, Alphax wrote: Johan Wevers wrote: David Shaw wrote: I'd be all in favor of an option where users could elect to filter out keys: that would put the user in control. Forcing your decision on others by stripping signatures is a very disturbing step. Considering the behaviour of the GD, I'd say it's also a practical issue about resources: if it keeps signing keys like this, an SKS server might well be in need of seriously more hardware than it is now. Someone's got to pay for that, amd I don't think all keyserver maintainers want to. Carrying out a full cleaning of keys stored on keyservers would seriously damage the WoT. Removing duplicated signatures however would probably have little impact, assuming you are removing only the newest ones and keeping any signatures with attributes set (notation data, policy URLs, revocation/expiry status). If the keyservers had crypto support, you could do the equivalent of GnuPG clean on each key. Without crypto support, though, you could remove a good signature and keep a bad one. I suspect it would be cheaper to store the extra packets than it would be to do all the signature math for every key David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)
On Fri, Sep 09, 2005 at 08:31:35AM -0400, David Shaw wrote: On Fri, Sep 09, 2005 at 12:22:00AM -0400, Jason Harris wrote: [I'll address your other points later.] If you insist on presenting a different view to users than the entire rest of the keyserver net, without any way to turn such a feature off, then I suggest that keyserver.kjsl.com be removed from the subkeys.pgp.net rotation. It will cause more confusion than benefit. I pointed out the potential for confusion before. But, now, I'm convinced the best solution _is_ to remove the GD sigs from non- GD keyservers. Also, subkeys.pgp.net is about _subkeys_. If you want gd-retention.pgp.net, go ahead and ask Piete to create it, then configure GPG to use it by default. As well, please give OpenPGP users more credit. They seem to be quite capable of comprehending the differences among keyservers. -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 pgpSXqf5IIQuP.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)
On Fri, Sep 09, 2005 at 09:30:35AM -0400, Jason Harris wrote: On Fri, Sep 09, 2005 at 08:31:35AM -0400, David Shaw wrote: On Fri, Sep 09, 2005 at 12:22:00AM -0400, Jason Harris wrote: [I'll address your other points later.] If you insist on presenting a different view to users than the entire rest of the keyserver net, without any way to turn such a feature off, then I suggest that keyserver.kjsl.com be removed from the subkeys.pgp.net rotation. It will cause more confusion than benefit. I pointed out the potential for confusion before. But, now, I'm convinced the best solution _is_ to remove the GD sigs from non- GD keyservers. You seem to continue to ignore my point, probably because it's easier for you to argue this as a GD issue. Let me try again: 1) This isn't about the GD. 2) Nope, not about the GD. 3) Still, not about the GD. 4) It's about one lone keyserver operator, without any discussion with other operators, editing his own keyserver to remove material he doesn't like. 5) Did I mention it wasn't about the GD? Also, subkeys.pgp.net is about _subkeys_. If you want gd-retention.pgp.net, go ahead and ask Piete to create it, then configure GPG to use it by default. Jason, what would you do if one particular keyserver in subkeys.pgp.net refused to sync with the others, so it presented a different view? What would you do if one particular keyserver decided to drop all signatures from you because they don't think you're a good signer (0x11 signatures - argh). Should they be dropped from subkeys.pgp.net? Are they breaching their responsibility to the rest of the keyserver net? Remember: not a GD issue. You're editing your keyserver based on *your* personal preferences. Again, by the way, not a GD issue. As well, please give OpenPGP users more credit. They seem to be quite capable of comprehending the differences among keyservers. You do realize, I hope, that the very email that started this thread was from someone confused about why the keyservers weren't giving back the same material... David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)
Johan Wevers wrote: Alphax wrote: Removing duplicated signatures however would probably have little impact, assuming you are removing only the newest ones Don't you mean keeping the newst ones? Er, yes. However as David Shaw pointed out further down the thread, there's no safe way to do so without validating the signatures first. -- Alphax | /\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 |X Against HTML email vCards http://tinyurl.com/cc9up| / \ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)
David Shaw wrote: On Fri, Sep 09, 2005 at 11:02:56AM +0200, Johan Wevers wrote: David Shaw wrote: I'd be all in favor of an option where users could elect to filter out keys: that would put the user in control. Forcing your decision on others by stripping signatures is a very disturbing step. Considering the behaviour of the GD, I'd say it's also a practical issue about resources: if it keeps signing keys like this, an SKS server might well be in need of seriously more hardware than it is now. Someone's got to pay for that, amd I don't think all keyserver maintainers want to. I have sympathy for that argument, so wouldn't it be good to trace down where the sigs are entering the keyserver net, and ask whoever is doing it to stop? It seems like the obvious first step. Well, I don't know *where* they are coming from, but I (and the kind soul who worked it out and told me) know think we know *how* it's being done. And unfortunately, it's very easy (too easy!) to do, especially for someone with a high-speed internet connection. -- Alphax | /\ Encrypted Email Preferred | \ / ASCII Ribbon Campaign OpenPGP key ID: 0xF874C613 |X Against HTML email vCards http://tinyurl.com/cc9up| / \ ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)
On Sat, Sep 10, 2005 at 12:28:22AM +0930, Alphax wrote: David Shaw wrote: On Fri, Sep 09, 2005 at 11:02:56AM +0200, Johan Wevers wrote: David Shaw wrote: I'd be all in favor of an option where users could elect to filter out keys: that would put the user in control. Forcing your decision on others by stripping signatures is a very disturbing step. Considering the behaviour of the GD, I'd say it's also a practical issue about resources: if it keeps signing keys like this, an SKS server might well be in need of seriously more hardware than it is now. Someone's got to pay for that, amd I don't think all keyserver maintainers want to. I have sympathy for that argument, so wouldn't it be good to trace down where the sigs are entering the keyserver net, and ask whoever is doing it to stop? It seems like the obvious first step. Well, I don't know *where* they are coming from, but I (and the kind soul who worked it out and told me) know think we know *how* it's being done. And unfortunately, it's very easy (too easy!) to do, especially for someone with a high-speed internet connection. Yep. Oddly enough, people seem to blame the GD and PGP company rather than blaming the actual litterer. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)
On Thu, Sep 08, 2005 at 10:08:24PM -0400, Jason Harris wrote: On Thu, Sep 08, 2005 at 08:00:25PM -0400, David Shaw wrote: On Fri, Sep 09, 2005 at 12:33:47AM +0200, Dirk Traulsen wrote: 3. Because now I was irritated, I did the same again with a different keyserver 'keyserver.kjsl.com' and I got a completely different result! When I fetched the key 08B0A90B, here it didn't have 47 sigs, but only 15 sigs (see below output2). There was only a double self sig, which 'clean' removed later. How can this be, if the keyservers are synchronized? Looks like they're not all that well synchronized :) Well, keyserver.ubuntu.com is still not participating in email syncs to non-SKS keyservers, but that's a different problem. keyserver.kjsl.com is now stripping all GD sigs. The extra variable in kd_search.c and code for 'case 2:' of make_keys_elem(), respectively: It's your keyserver, and you of course make the choices for what it carries, but for the record, I think this is a bad idea. Skipping the usual discussion about the GD (I don't think anyone will convince anyone else at this point), you do realize that this means you are making a decision to edit the web of trust for others based on your own personal criteria. I'd be all in favor of an option where users could elect to filter out keys: that would put the user in control. Forcing your decision on others by stripping signatures is a very disturbing step. David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)
On Thu, Sep 08, 2005 at 10:28:29PM -0400, David Shaw wrote: On Thu, Sep 08, 2005 at 10:08:24PM -0400, Jason Harris wrote: keyserver.kjsl.com is now stripping all GD sigs. The extra variable in kd_search.c and code for 'case 2:' of make_keys_elem(), respectively: It's your keyserver, and you of course make the choices for what it carries, but for the record, I think this is a bad idea. Skipping the usual discussion about the GD (I don't think anyone will convince anyone else at this point), you do realize that this means you are making a decision to edit the web of trust for others based on your own personal criteria. I'd be all in favor of an option where users could elect to filter out keys: that would put the user in control. Forcing your decision on others by stripping signatures is a very disturbing step. Not at all. Anyone who wants sigs from the GD should use that keyserver. They're still available from it, and, remember, expired sigs don't affect the WoT, so what's the point of the well-synchronized keyservers keeping GD sigs? -- Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? [EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 pgpVpCDcbiDjD.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: [Sks-devel] stripping GD sigs (was: Re: clean sigs)
On Thu, Sep 08, 2005 at 11:10:23PM -0400, Jason Harris wrote: On Thu, Sep 08, 2005 at 10:28:29PM -0400, David Shaw wrote: On Thu, Sep 08, 2005 at 10:08:24PM -0400, Jason Harris wrote: keyserver.kjsl.com is now stripping all GD sigs. The extra variable in kd_search.c and code for 'case 2:' of make_keys_elem(), respectively: It's your keyserver, and you of course make the choices for what it carries, but for the record, I think this is a bad idea. Skipping the usual discussion about the GD (I don't think anyone will convince anyone else at this point), you do realize that this means you are making a decision to edit the web of trust for others based on your own personal criteria. I'd be all in favor of an option where users could elect to filter out keys: that would put the user in control. Forcing your decision on others by stripping signatures is a very disturbing step. Not at all. Anyone who wants sigs from the GD should use that keyserver. They're still available from it, and, remember, expired sigs don't affect the WoT, so what's the point of the well-synchronized keyservers keeping GD sigs? You're not dropping expired signatures. You're dropping all signatures from a particular key - expired or not. Those signatures are part of the web of trust. The web of trust now has a different view from your keyserver than from the rest of the world. If I ran a keyserver, would it be appropriate for me to drop all signatures from your key D39DA0E3 simply because they're available somewhere else? Personal opinions as to the usefulness of signatures should not be a factor in what a keyserver stores. It's a very dangerous path to go down: do you also strip signatures from someone known to be a bad signer? What's the criteria for inclusion in your keyserver? Is it stated somewhere so users can read it? David ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users