On 9/14/2013 3:08 PM, Daniel Kahn Gillmor wrote:
> Let me also be clearer about why i find this bug serious...

I am still not seeing why this bug is serious. It still seems to be a case of mountains and molehills.

> I have told numerous people that the keyserver network will not
> propagate local signatures.

This is true. However, as Ray Lee once said, "every truth has a context." Here the context is, "but if you try to prove how clever you are by creating corner-case certificates, you may wind up hoist in your own petard."

> If the keyserver network actively forwards these certifications,
> then users of the keyserver network and local certifications stand a
> greater risk of global data leakage that they do not want.

Please show me real users who are having troubles dealing with this bug. Not just you, because we've already established you're in love with weird corner cases. If this is affecting real users then I would be all in favor of further discussion on this subject. Without them, though, I'm inclined to say "enough already!"

At some point you have to apply the instant-reply rule: if after watching the instant reply three times you have no idea what the correct decision is, then there is no wrong decision. Move forward and respect the decision of the person making the call. In this case, whatever decision the SKS maintainers make, I will cheerfully accept.

> But i still believe this to be a reasonable expectation

IMO, the fact RFC4880 implicitly allows a non-exportable self-signature should be considered a bug. IYO, this isn't a bug but a feature, and SKS's willingness to propagate these self-sigs is the bug. Both sides have arguments in their favor. Ultimately, it's up to the maintainers and the keyserver community to decide which will be the canonical behavior.

Although I believe SKS's behavior as it currently stands is technically in error, I do not believe the alternatives you are presenting amount to a good fix. I encourage the maintainers and the community to not worry about this until/unless we see real users being impacted by it.

_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel