
List:       gnupg-users
Subject:    Re: [Sks-devel] Fwd [from schleuder dev team]: Signature-flooded keys: current situation and mitigat
From:       Wiktor Kwapisiewicz via Gnupg-users <gnupg-users () gnupg ! org>
Date:       2019-07-19 10:34:13
Message-ID: a6f48a77-a09b-4798-f36e-23e07b589ad7 () metacode ! biz


Hi Andrew,

On 18.07.2019 19:35, Andrew Gallagher wrote:
> A key owner can (preferably automatically) create a "self-identity" on her primary
> key consisting of a well-known string that contains no personal information. To
> avoid breaking legacy search-by-id systems this string should be unique to the
> primary key. I suggest using "fpr:00000000000000000000000000000000000", where the
> zeros are replaced by the fingerprint of the key. The self-identity (and any
> revocations on it) can then be safely distributed by keystores that would otherwise
> refuse to distribute personal info.

Minor thing: I suggest using 
"openpgp4fpr:00000000000000000000000000000000000" instead of "fpr". 
That'd make the User ID a valid URI as "openpgp4fpr" is an assigned URI 
Scheme, see:

https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml

Probably the cleanest solution (suggested by others) would be using a 
direct key signature (0x1F) [0] and avoiding User IDs entirely. Your 
suggestion, Andrew, has the benefit that it's immediately backwards 
compatible with software "in the wild".

[0]: https://tools.ietf.org/html/rfc4880#section-5.2.1

Kind regards,
Wiktor



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
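An added example (not code from the thread or from any project) of building such a self-identity User ID and checking it against the key's own v4 fingerprint as computed per RFC 4880 section 12.2; the key packet body below is a constructed toy, not a real key, and the function names are assumptions.

```python
"""Build and verify the "openpgp4fpr:<fingerprint>" self-identity User ID."""
import hashlib
import re
import struct

URI_SCHEME = "openpgp4fpr"  # IANA-registered scheme, so the User ID is a valid URI


def v4_fingerprint(public_key_packet_body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, the two-octet body length, and the body."""
    prefix = b"\x99" + struct.pack(">H", len(public_key_packet_body))
    return hashlib.sha1(prefix + public_key_packet_body).hexdigest().upper()


def make_self_identity(fingerprint: str) -> str:
    """Return the personal-information-free User ID for a primary key."""
    fpr = fingerprint.replace(" ", "").upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError("expected a 40-hex-digit v4 fingerprint")
    return f"{URI_SCHEME}:{fpr}"


def is_self_identity_for(user_id: str, public_key_packet_body: bytes) -> bool:
    """True only if user_id is an openpgp4fpr URI naming exactly this primary key."""
    scheme, sep, rest = user_id.partition(":")
    if not sep or scheme.lower() != URI_SCHEME:
        return False  # rejects legacy "fpr:" and any non-URI User ID
    return rest.replace(" ", "").upper() == v4_fingerprint(public_key_packet_body)


def mpi(value: int) -> bytes:
    """Encode an integer as an RFC 4880 MPI: two-octet bit count, then big-endian octets."""
    octets = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return struct.pack(">H", value.bit_length()) + octets


# Constructed toy v4 RSA public key packet body (NOT a real key): version 4,
# creation time, algorithm 1 (RSA), then the MPIs n and e.
SAMPLE_BODY = (
    b"\x04" + struct.pack(">I", 1563532453) + b"\x01"
    + mpi(0xC0FFEE_DEADBEEF_0BADF00D_12345679) + mpi(65537)
)

if __name__ == "__main__":
    fpr = v4_fingerprint(SAMPLE_BODY)
    uid = make_self_identity(fpr)
    print(uid)
    print(is_self_identity_for(uid, SAMPLE_BODY))
    print(is_self_identity_for("fpr:" + fpr, SAMPLE_BODY))
```

A keystore that only distributes such self-identities can accept a User ID by checking it with `is_self_identity_for` against the primary key packet it already holds, so a flooded key's other User IDs never need to be served.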

