Vincent Breitmoser <look@my.amazin.horse> writes:
>> - to do this keyservers will have to actually do cryptography
>
> Are you sure? I don't think there's any attack scenario here: If any
> such signature exists, you can't upload the key.

You can strip that signature. If you only consider accidental uploads of the key that's no problem at all. If you want to *prevent* the key from being uploaded you'll have to require that *all* self-signatures contain the annotation and you have to (cryptographically) ensure the key contains valid self-signatures (so an intruder can't fake a key without the annotation).

I guess one could even have both (if willing to accept the crypto requirement on the keyserver) -- it'll be rejected if any such self-sig exists and also rejected if no other usable self-sig is present.

Christoph

_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel