On Fri, Sep 13, 2013 at 3:42 PM, Daniel Kahn Gillmor <d...@fifthhorseman.net> wrote:
> On 09/13/2013 09:49 AM, Peter Lebbing wrote:
>> On 2013-09-13 14:24, Nicholas Cole wrote:
>>> The correct way would be to have keyservers
>>> honour the no-modify flag, or perhaps have some notation on the ID
>>> that prevents uploading to a public keyserver. I myself would favour
>>> the latter approach.
>>
>> The latter has the same problem as the no-modify flag: it can be
>> subverted by someone as long as the keyservers do not do crypto.
>
> yes, pretty much anything can be published as long as the keyservers do
> not do crypto. That's something that the keyservers need to fix, as it
> would prevent other problems as well.
>
> In the meantime, we can produce certifications that won't be
> misinterpreted by the keyservers as they currently exist, and can be
> validated by any future keyservers that do proper cryptographic checks.

Well. Why not trust your circle of contacts (because anyone using this scheme must be in a small circle) not to upload the keys to keyservers?

Perhaps if there is enough demand gpg could even have a "Never send these keys to keyservers" option in the config file, taking a list of fingerprints. Just a thought.

I'm against doing something that goes against the standard when there are other ways to achieve it.

N.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users