Phil Pennock wrote:
> On 2013-09-12 at 19:40 -0400, Daniel Kahn Gillmor wrote:
>> While this seems like it is probably a fixable bug for someone who knows
>> their way around the codebase, I foresee problems with synchronizing the
>> pool, if some SKS keyservers start following the spec and others remain
>> non-compliant.
>> 
>> Any thoughts or suggestions on how to resolve this problem?
> 
> A hack would be to have a filter on, which strips them by default, and
> clean=off disables that.  The data's out there, trying to pretend it's
> not would be problematic in many ways, so we might as well just ensure
> that normal retrievals don't pick up the sigs, and also of course block
> _new_ uploads of such sigs.

Actually, the hack here, as discussed over on gnupg-users, is trying to use
lsign to mark a key to keep it off of the keyservers. The problem is that this
produces a key that, if the erroneous use is followed, has no binding
self-sig on the UID. While a regular certification and a self-sig are both
signatures, the self-sig performs other important functions within OpenPGP.

There is nothing to fix here, either in SKS or in GnuPG. The thread on
GnuPG-users has the needed discussion.

-- 
John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-k...@gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"


_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel
