Re: openpgplint: encouraging best practices for OpenPGP keys today
- To: Daniel Kahn Gillmor <dkg@xxxxxxxxxxxxxxxxx>
- Subject: Re: openpgplint: encouraging best practices for OpenPGP keys today
- From: Daniel Franke <df@xxxxxxxxxx>
- Date: Thu, 11 Jun 2009 19:52:49 -0700
- Cc: IETF OpenPGP Working Group <ietf-openpgp@xxxxxxx>
- In-reply-to: <4A31BA19.5010905@xxxxxxxxxxxxxxxxx> (sfid-20090611_19231_D5F99169) (Daniel Kahn Gillmor's message of "Thu, 11 Jun 2009 22:14:49 -0400")
- List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
- List-id: <ietf-openpgp.imc.org>
- List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
- References: <4A31BA19.5010905@xxxxxxxxxxxxxxxxx>
- Sender: owner-ietf-openpgp@xxxxxxxxxxxx
- User-agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.94 (gnu/linux)
Daniel Kahn Gillmor <dkg@xxxxxxxxxxxxxxxxx> writes:

> [selfsig-primary]
> The most recent self-sig over the User ID identified in [valid-uid]
> should be marked as the primary User ID.

This expectation doesn't make sense. I have multiple IDs representing
my personal and work addresses. My primary address is my personal one,
but I've had it longer than I've had my current, hence this ID is not
the newest.

> [wot-published]
> The key and associated [valid-uid] and [subkey-encryption] (and their
> most recent binding signatures) should be visible from keyservers in the
> current Web of Trust (maybe this would be a network check against the
> SKS pool?).

Many people have no wish to have their key on public keyservers; there's
even a flag you can set (no-ks-modify) to request that others not upload
it. Some people might only use PGP among a small, well-delineated group
and exchange keys by sneakernet. Also, from when I ran a keyserver a
few years back, I'm fairly sure I remember seeing logs of it being
perused by spammers.

--
Daniel Franke df@xxxxxxxxxx http://www.dfranke.us
|----| =|\ \\\\
|| * | -|-\--------- Man is free at the instant he wants to be.
-----| =| \ /// --Voltaire