On 2024-08-06 10:32, Jakob Bohm via Gnupg-users wrote:

For issues such as the above, the proper script-friendly solution is to
enhance gpgv itself with command line options to specify the desired
trust requirements. For the multi-signer scenario above, an option could
be set to

    --must-match-percent 90 --ignore-unknown

I think using percentages rather than absolute values here would be dangerous. If this is a percentage of the number of keys in the keyring, it would make updating the membership of the keyring a potential DOS event. If it is a percentage of the number of signatures on the message, an attacker who compromises just one signing key could distribute a package signed by just that key, and 100% of attached signatures would verify.

A

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to