-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2012-05-26 07:58, Gabor Kiss wrote: >> Is there really a need to carry around every expired signature >> forever from a robo-signer? > >> Should/could some of the expired signatures be actively filtered >> (and archived) instead of being carried in SKS key servers >> forever? Yes a policy change like this would be controversial and >> difficult to deploy. > > I agree. >
I too, agree, that this is something that should be considered. GnuPG is already doing its own cleaning up of the code for similar reasons, something which was discussed back in April 2011 as well[0] (and reminded me about [1], I had nearly forgotten about that) :) But as you say Jeff, we'd need to set up a proper policy for it, if we do. Are there other signatures that can be considered robosigners that should be incorporated, or is PGP Corp's the most used and as such the only one that deserve a discussion? And also, where should it be cleaned up? In order for it to be any effect, it'd probably have to be done in the "sks cleandb" command, and add a filter for existing keys. In addition then, the filter should be used for incoming keys, which would result in a change of the compatible gossip version of SKS (if I'm not mistaken the gossip protocol require the same filters to be applied; reconCS.ml around line 61) So is the cost of disk space worth breaking the backwards compatibility? [0] http://www.mail-archive.com/sks-devel@nongnu.org/msg01820.html [1] http://www.kfwebs.net/articles/article/17/GPG-mass-cleaning-and-the-PGP-Corp.-Global-Directory - -- - ---------------------------- Kristian Fiskerstrand http://www.sumptuouscapital.com Twitter: @krifisk - ---------------------------- Corruptissima re publica plurimæ leges The greater the degeneration of the republic, the more of its laws - ---------------------------- This email was digitally signed using the OpenPGP standard. If you want to read more about this The book: Sending Emails - The Safe Way: An introduction to OpenPGP security is now available in both Amazon Kindle and Paperback format at http://www.amazon.com/dp/B006RSG1S4/ - ---------------------------- Public PGP key 0xE3EDFAE3 at http://www.sumptuouscapital.com/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJPwfKGAAoJEBbgz41rC5UIzkAP/AzCixqYHupyrYZsYQHjYIBk wDPRIC60qLqn1suiKZrWQc9TpVrMHdyn6dvJXNE38wC3rIR7yjEOUG/cysecNKOd ngZcs4a9wah3pQNK8yLYzpBOHdZdz+1AWjUmNIMnAnuVzpf9VPVNKG9ctSqobpLL sB5zThGXrTFsUS1ADuICQo8B7S8ZlnV210yCsGplWNCcJ5bSwXV9MpJT8WPSOPuK C9EdML2nrB7Jw4AvPolqs/E+4smTurdr+YEVjM+vlp7jcGxi0MQeCiBGHQbbYs3x WflUHgUS9XT8a/LdulZ1FP+fJLPHIZlstuqtWRFT8Q4chqi7QRpPMGduUZSja/oQ NniQ93Bb7ozoVx0tH7IMO8KmmmxgtWHIedMZix55+m+ERDnndTS8kspE3RDWlKWh jQnZ0oQ7Jc4j16sRmJI1HJfmaaYKiPKrOaQgix6YIhhQDk5EpWsADuLjFcVJLQG9 FzVb/8zTU4QezkZxSSRzoRDB+YZTMgVOkxJg7JkbSMSxs4zScqnzhSwno4Y5f/Aq 72M8SpGWBG3ihdp5ThJKdleiJCrEBZZeg+tGjLLU9o0od+is+D4kr8HoD+RLzWdV BUxnQT6g8QyxygrThYZE25UT+2is/fgUkyjwils8vpbTkRv9UMep2zYQPKgETnv8 YQlOuLMsuxpjtE/L57TN =UAl1 -----END PGP SIGNATURE----- _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
