[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] SKS should not accept or replay non-exportable certifica
From: |
Robert J. Hansen |
Subject: |
Re: [Sks-devel] SKS should not accept or replay non-exportable certifications |
Date: |
Sat, 14 Sep 2013 17:00:28 -0400 |
User-agent: |
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 |
On 9/14/2013 3:08 PM, Daniel Kahn Gillmor wrote:
> Let me also be clearer about why i find this bug serious...
I am still not seeing why this bug is serious. It still seems to be a
case of mountains and molehills.
> I have told numerous people that the keyserver network will not
> propagate local signatures.
This is true. However, as Ray Lee once said, "every truth has a
context." Here the context is, "but if you try to prove how clever you
are by creating corner-case certificates, you may wind up hoist in your
own petard."
> If the keyserver network actively forwards these certifications,
> then users of the keyserver network and local certifications stand a
> greater risk of global data leakage that they do not want.
Please show me real users who are having troubles dealing with this bug.
Not just you, because we've already established you're in love with
weird corner cases. If this is affecting real users then I would be all
in favor of further discussion on this subject. Without them, though,
I'm inclined to say "enough already!"
At some point you have to apply the instant-reply rule: if after
watching the instant reply three times you have no idea what the correct
decision is, then there is no wrong decision. Move forward and respect
the decision of the person making the call. In this case, whatever
decision the SKS maintainers make, I will cheerfully accept.
> But i still believe this to be a reasonable expectation
IMO, the fact RFC4880 implicitly allows a non-exportable self-signature
should be considered a bug. IYO, this isn't a bug but a feature, and
SKS's willingness to propagate these self-sigs is the bug. Both sides
have arguments in their favor. Ultimately, it's up to the maintainers
and the keyserver community to decide which will be the canonical behavior.
Although I believe SKS's behavior as it currently stands is technically
in error, I do not believe the alternatives you are presenting amount to
a good fix. I encourage the maintainers and the community to not worry
about this until/unless we see real users being impacted by it.
- Re: [Sks-devel] SKS should not accept or replay non-exportable certifications, (continued)
- Re: [Sks-devel] SKS should not accept or replay non-exportable certifications, Daniel Kahn Gillmor, 2013/09/13
- Re: [Sks-devel] SKS should not accept or replay non-exportable certifications, Robert J. Hansen, 2013/09/13
- Re: [Sks-devel] SKS should not accept or replay non-exportable certifications, Daniel Kahn Gillmor, 2013/09/13
- Re: [Sks-devel] SKS should not accept or replay non-exportable certifications, Robert J. Hansen, 2013/09/13
- Re: [Sks-devel] SKS should not accept or replay non-exportable certifications, Christoph Anton Mitterer, 2013/09/13
- Re: [Sks-devel] SKS should not accept or replay non-exportable certifications, Robert J. Hansen, 2013/09/13
- Re: [Sks-devel] SKS should not accept or replay non-exportable certifications, Christoph Anton Mitterer, 2013/09/14
- Re: [Sks-devel] SKS should not accept or replay non-exportable certifications, John Clizbe, 2013/09/13
- Re: [Sks-devel] SKS should not accept or replay non-exportable certifications, Robert J. Hansen, 2013/09/13
- Re: [Sks-devel] SKS should not accept or replay non-exportable certifications, Daniel Kahn Gillmor, 2013/09/14
- Re: [Sks-devel] SKS should not accept or replay non-exportable certifications,
Robert J. Hansen <=
- Re: [Sks-devel] SKS should not accept or replay non-exportable certifications, Daniel Kahn Gillmor, 2013/09/14
- Re: [Sks-devel] SKS should not accept or replay non-exportable certifications, John Clizbe, 2013/09/14
- Re: [Sks-devel] SKS should not accept or replay non-exportable certifications, Jason Harris, 2013/09/14
- Re: [Sks-devel] SKS should not accept or replay non-exportable certifications, Phil Pennock, 2013/09/15
- [Sks-devel] SKS should not accept or propagate User IDs with no self-sigs [was: SKS should not accept or replay non-exportable certifications], Daniel Kahn Gillmor, 2013/09/17
- Re: [Sks-devel] SKS should not accept or propagate User IDs with no self-sigs [was: SKS should not accept or replay non-exportable certifications], ClarusComms OpenPGP Services, 2013/09/18
- Re: [Sks-devel] SKS should not accept or propagate User IDs with no self-sigs [was: SKS should not accept or replay non-exportable certifications], Johan van Selst, 2013/09/18
- Re: [Sks-devel] SKS should not accept or propagate User IDs with no self-sigs [was: SKS should not accept or replay non-exportable certifications], Stephan Seitz, 2013/09/18
- Re: [Sks-devel] SKS should not accept or propagate User IDs with no self-sigs [was: SKS should not accept or replay non-exportable certifications], John Clizbe, 2013/09/18
- Re: [Sks-devel] SKS should not accept or replay non-exportable certifications, Jason Harris, 2013/09/14