
List:       pgp-keyserver-folk
Subject:    [Pgp-keyserver-folk] Re: Honoring the no-modify flag
From:       David Shaw <dshaw () jabberwocky ! com>
Date:       2002-09-29 21:27:13

On Sun, Sep 29, 2002 at 04:43:14PM -0400, Yaron M. Minsky wrote:
> I started writing some code to have SKS honor the no-modify flag, and I
> realized that I don't know a good way of doing it.  My main constraint is
> that I want to do as little actual cryptography as possible, and in
> particular I would like to avoid verifying keys.  That will keep SKS as
> independent as possible from the cryptographic methods used by various PGP
> implementations.
> The idea behind the no-modify flag is that no one but the key owner should
> be able to modify the key.  So what does that mean, exactly?  One
> easy-to-implement approach would be to disallow merging of two keys if
> either key had a self-signature that said "no-modify".  That works fine
> except for one thing:  it doesn't allow ANY modifications of a key, not
> even the key's owner.  In particular, it doesn't allow for revocation.
> So does anyone know a non-cryptographic way of honoring the no-modify
> flag?  Is there any keyserver out there that currently does this?

There is no non-cryptographic way to honor no-modify.  Indeed, without
verifying the self-sig that contains the no-modify flag in the first
place, you can't know whether it's a real no-modify flag or not ;)

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
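
The point made in the reply above, as an added example that is not part of the original message or of SKS: a parse-only check reads the no-modify bit out of a v4 self-signature's hashed subpackets (layout as in RFC 4880) and returns the same answer whether or not the signature bytes are valid. The function names and the sample packet bodies are constructed for illustration.

```python
import struct

KEYSERVER_PREFS = 23   # key server preferences subpacket type
NO_MODIFY = 0x80       # no-modify bit in the first flags octet

def subpackets(area):
    """Yield (type, data) for each subpacket in a v4 subpacket area."""
    i = 0
    try:
        while i < len(area):
            first = area[i]
            if first < 192:                      # one-octet length
                length, i = first, i + 1
            elif first < 255:                    # two-octet length
                length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
            else:                                # five-octet length
                length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
            if length == 0 or i + length > len(area):
                raise ValueError("malformed subpacket")
            yield area[i] & 0x7F, area[i + 1:i + length]  # drop critical bit
            i += length
    except (IndexError, struct.error):
        raise ValueError("truncated subpacket area") from None

def claims_no_modify(sig_body):
    """True if the hashed area carries no-modify. Parses only: the signature
    itself is never checked, so the result is a claim, not a fact."""
    if len(sig_body) < 6 or sig_body[0] != 4:
        raise ValueError("not a v4 signature packet body")
    (hashed_len,) = struct.unpack(">H", sig_body[4:6])
    hashed = sig_body[6:6 + hashed_len]
    if len(hashed) != hashed_len:
        raise ValueError("truncated hashed area")
    return any(t == KEYSERVER_PREFS and d and d[0] & NO_MODIFY
               for t, d in subpackets(hashed))

def build_sig_body(flags, sig_bytes):
    """Constructed sample body: v4, positive certification (0x13), RSA, SHA-1.
    sig_bytes is arbitrary filler standing in for the signature MPI."""
    hashed = bytes([2, KEYSERVER_PREFS, flags])
    mpi = struct.pack(">H", len(sig_bytes) * 8) + sig_bytes
    return (bytes([4, 0x13, 1, 2]) + struct.pack(">H", len(hashed)) + hashed
            + b"\x00\x00" + b"\x00\x00" + mpi)   # empty unhashed area, hash prefix

if __name__ == "__main__":
    unverified = build_sig_body(NO_MODIFY, b"\xff" * 8)   # filler, not a signature
    print("flag present without any verification:", claims_no_modify(unverified))
```

A keyserver that wants to act on the flag has to verify the self-signature against the primary key first and only then consult the parsed value.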