On Sep 14, 2013, at 1:51 AM, John Clizbe jpcli...@gingerbear.net wrote:
I agree with Werner and Dave Shaw that you are wrong. If you are so convinced
you are correct, post, with _ALL_ the particulars not just those that support
your stance, to the IETF-OpenPGP list and get their opinion.
To
On 9/14/2013 3:08 PM, Daniel Kahn Gillmor wrote:
Let me also be clearer about why i find this bug serious...
I am still not seeing why this bug is serious. It still seems to be a
case of mountains and molehills.
I have told numerous people that the keyserver network will not
propagate
On 09/14/2013 05:00 PM, Robert J. Hansen wrote:
[dkg wrote]:
I have told numerous people that the keyserver network will not
propagate local signatures.
This is true.
No, unfortunately, it is not true in any way for SKS 1.1.4 (and probably
earlier versions, though i have not tested). In
On Fri, 2013-09-13 at 20:33 -0400, Robert J. Hansen wrote:
In what bizarro universe is SKS an implementation of RFC4880?
Well it uses/processes OpenPGP message formats (i.e. by
storing/publishing them).
___
Sks-devel mailing list
Sks-devel@nongnu.org
Daniel Kahn Gillmor wrote:
On 09/14/2013 05:00 PM, Robert J. Hansen wrote:
[dkg wrote]:
I have told numerous people that the keyserver network will not
propagate local signatures.
This is true.
No, unfortunately, it is not true in any way for SKS 1.1.4 (and probably
earlier versions,
On Sat, Sep 14, 2013 at 08:46:05PM -0500, John Clizbe wrote:
As I see it, we have two related problems here, both involving the no-export
signature flag:
2) JimBob lsigns his own key, creating a non-exportable selfsig then delsigs
all of the exportable selfsigs. This is shooting oneself in
Phil Pennock wrote:
On 2013-09-12 at 19:40 -0400, Daniel Kahn Gillmor wrote:
While this seems like it is probably a fixable bug for someone who knows
their way around the codebase, I forsee problems with synchronizing the
pool, if some SKS keyservers start following the spec and others remain
On 9/13/2013 5:48 PM, Daniel Kahn Gillmor wrote:
RFC 4880 is explicit:
Some implementations do not represent the interest of a single user
(for example, a key server). Such implementations always trim local
certifications from any key they handle.
I don't see a MUST in there. The
Daniel Kahn Gillmor wrote:
Someoneā¢ (0x75D292D353ADACCD) made a non-exportable certification on
your user ID John P. Clizbe jpcli...@keyservers.net
(2048R/0x2313315C435BD034). Someone else uploaded that key to a
keyserver (ok, i admit it was me :P). The keyserver network is
currently
On Fri, 2013-09-13 at 18:09 -0400, Daniel Kahn Gillmor wrote:
Did anyone on this list expect the keyserver network to
propagate non-exportable certifications?
Nah,... not really, IMHO it should be considered a bug, and ideally such
existing signatures should be removed if possible.
And I guess
SKS appears to be in violation of RFC4880 by freely importing and
exporting non-exportable certifications.
Background
--
The OpenPGP specification includes a certification subpacket known as
Exportable Certification. When present, and set to 0, it indicates
that the certification is
11 matches
Mail list logo