> Assuming the intention is tagging my key (which hasn't been published so > far) so it doesn't end up on the keyserver. In that case *all* self-sigs > would need to carry the notation as otherwise an intruder could just > remove the newest nokeyserver selfsig and still have a valid key (iff > all self-sigs have that flag, no upload can be crafted that has > verifying self-signatures and not carry the flag).
There's two approaches here: If just one such self-sig is enough and we don't verify, that will already prevent accidental upload, though not active vandalism. If we want to have that too, we'll have to verify those sigs, and all self-sigs will have to have it. Personally I think the first part is what's important, and the second is probably too complex to accomplish easily. @dkg What were you going for here? - V _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel