[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] IPv6 peering; keydumps annoyingly large
From: |
Scott Grayban |
Subject: |
Re: [Sks-devel] IPv6 peering; keydumps annoyingly large |
Date: |
Wed, 01 Jun 2011 15:06:08 -0700 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8.1.23) Gecko/20090812 Lightning/0.9.4-Inverse Thunderbird/2.0.0.23 Mnenhy/0.7.5.0 |
David Shaw said the following on 06/01/2011 02:45 PM:
> On Jun 1, 2011, at 1:14 PM, Xian Stannard wrote:
>
>
>> I can see that it is bad to loose keys that are in use, but why must
>> every key from day zero be kept? The deletion need not be probibitive of
>> the key being uploaded again: that could trigger it to be re-propagated.
>>
> One danger is that a revoked key won't be seen as revoked by someone who
> needs to see it as such. For example, let's say that I have a public key on
> the keyservers (call it "A"), and my secret key gets compromised. I revoke
> that key, make a new one ("B"), and upload both A & B to the keyservers.
>
> Now, someone who I communicated with before my key was compromised wants to
> get ahold of me, and so uses the only key they have: A. They don't know that
> I have a new key, and checking the keyservers (gpg --refresh-keys, or similar
> for other programs) won't show them that A is revoked, because A got pruned
> from the keyserver when it was revoked.
>
> Now, to be sure, we could design different ways of avoiding this issue, but
> personally, I'd want to see some real evidence of an upcoming problem with
> the keyserver DB size before going down that route. I'm afraid I don't see a
> problem that needs fixing here.
>
> David
You can search the keyserver using just the email address and they would
still get the new pub key
Scott
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large, (continued)
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large, Jeff Johnson, 2011/06/01
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large, John Clizbe, 2011/06/01
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large, David Shaw, 2011/06/01
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large, Robert J. Hansen, 2011/06/01
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large, Xian Stannard, 2011/06/01
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large, Daniel Kahn Gillmor, 2011/06/01
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large, Scott Grayban, 2011/06/01
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large, Robert J. Hansen, 2011/06/01
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large, Matthew Palmer, 2011/06/02
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large, David Shaw, 2011/06/01
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large,
Scott Grayban <=
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large, David Shaw, 2011/06/01
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large, Robert J. Hansen, 2011/06/01
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large, Daniel Kahn Gillmor, 2011/06/01
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large, Scott Grayban, 2011/06/01
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large, C.J. Adams-Collier KF7BMP, 2011/06/01
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large, Jeff Johnson, 2011/06/01
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large, Kiss Gabor (Bitman), 2011/06/02
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large, David Benfell, 2011/06/02
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large, Robert J. Hansen, 2011/06/02
- Re: [Sks-devel] IPv6 peering; keydumps annoyingly large, Xian Stannard, 2011/06/01