Phil Pennock wrote: > On 2013-09-12 at 19:40 -0400, Daniel Kahn Gillmor wrote: >> While this seems like it is probably a fixable bug for someone who knows >> their way around the codebase, I forsee problems with synchronizing the >> pool, if some SKS keyservers start following the spec and others remain >> non-compliant. >> >> Any thoughts or suggestions on how to resolve this problem? > > A hack would be to have a filter on, which strips them by default, and > clean=off disables that. The data's out there, trying to pretend it's > not would be problematic in many ways, so we might as well just ensure > that normal retrievals don't pick up the sigs, and also of course block > _new_ uploads of such sigs.
Actually, the hack here, as discussed over on gnupg-users, is trying to use lsign to mark a key to keep it off of the keyservers. The problem is that produces a key, that if the erroneous use is followed, that has no binding self-sig on the UID. While a regular certification and a self-sig are both signatures, the selfsig performs other important functions within OpenPGP. There is nothing to fix here, either in SKS or in GnuPG. The thread on GnuPG-users has the needed discussion. -- John P. Clizbe Inet: John (a) Gingerbear DAWT net SKS/Enigmail/PGP-EKP or: John ( @ ) Enigmail DAWT net FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or mailto:pgp-public-k...@gingerbear.net?subject=HELP Q:"Just how do the residents of Haiku, Hawai'i hold conversations?" A:"An odd melody / island voices on the winds / surplus of vowels" _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel