List: pgp-keyserver-folk
Subject: [Pgp-keyserver-folk] Re: Honoring the no-modify flag
From: David Shaw <dshaw () jabberwocky ! com>
Date: 2002-09-29 21:27:13
On Sun, Sep 29, 2002 at 04:43:14PM -0400, Yaron M. Minsky wrote:

> I started writing some code to have SKS honor the no-modify flag, and I
> realized that I don't know a good way of doing it. My main constraint is
> that I want to do as little actual cryptography as possible, and in
> particular I would like to avoid verifying keys. That will keep SKS as
> independent as possible from the cryptographic methods used by various PGP
> implementations.
>
> The idea behind the no-modify flag is that no one but the key owner should
> be able to modify the key. So what does that mean, exactly? One
> easy-to-implement approach would be to disallow merging of two keys if
> either key had a self-signature that said "no-modify". That works fine
> except for one thing: it doesn't allow ANY modifications of a key, not
> even the key's owner. In particular, it doesn't allow for revocation.
>
> So does anyone know a non-cryptographic way of honoring the no-modify
> flag? Is there any keyserver out there that currently does this?

There is no non-cryptographic way to honor no-modify. Indeed, without
verifying the self-sig that contains the no-modify flag in the first
place, you can't know whether it's a real no-modify flag or not ;)

David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
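
The point made in the reply above, as an added example that is not part of the original message or of SKS: a parser for the OpenPGP signature subpacket area finds the no-modify bit (key server preferences, subpacket type 23, flag 0x80) whether or not the enclosing self-signature is genuine, so the parse alone only yields a claim. The function names and the `selfsig_verified` input, which stands for the result of a separate cryptographic check not shown here, are assumptions.

```python
KEYSERVER_PREFS = 23   # OpenPGP signature subpacket type: key server preferences
NO_MODIFY = 0x80       # flag bit in the first octet of that subpacket

def iter_subpackets(area: bytes):
    """Yield (type, critical, body) for each subpacket in a v4 subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # 0xFF, then four-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("malformed subpacket")
        type_octet = area[i]                 # length counts this type octet
        yield type_octet & 0x7F, bool(type_octet & 0x80), area[i + 1:i + length]
        i += length

def claims_no_modify(hashed_area: bytes) -> bool:
    """True if any key server preferences subpacket sets the no-modify bit."""
    return any(t == KEYSERVER_PREFS and body and body[0] & NO_MODIFY
               for t, _crit, body in iter_subpackets(hashed_area))

def no_modify_status(hashed_area: bytes, selfsig_verified: bool) -> str:
    """Parsing only shows a claim; the flag binds only under a verified self-sig."""
    if not claims_no_modify(hashed_area):
        return "absent"
    return "in-effect" if selfsig_verified else "claimed-unverified"

# Constructed sample: creation time (type 2) + key server prefs with 0x80 set.
SAMPLE = bytes([5, 2, 0x3D, 0x97, 0x6F, 0x71]) + bytes([2, 23, 0x80])

if __name__ == "__main__":
    print(no_modify_status(SAMPLE, selfsig_verified=False))
    print(no_modify_status(SAMPLE, selfsig_verified=True))
```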