New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
all: should not need to have separate key for ann+snapshot@example.com #194
Comments
Agreed. We already give +snapshot special treatment in the DirServer, might as well avoid the key hassle. I'll handle this on the key/server side. |
There are security implications here. We need to discuss this further
before jumping into it.
…On 21 February 2017 at 05:32, Eduardo Pinheiro ***@***.***> wrote:
Agreed. We already give +snapshot special treatment in the DirServer,
might as well avoid the key hassle. I'll handle this on the key/server side.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#194 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AIDilYEjrBNmCHSKSK1NGCbtAvuLW9wfks5redw_gaJpZM4MFvFj>
.
|
@n2vi for final security consideration. However, I just realized this wouldn't help anything. For two reasons:
What I'm getting to is that implicitly sending the public keys of the owner in response to the +snapshot look up would not help when keys diverge. And it would seem to one paranoid about security that the keyserver is lying. For these reasons, I now think we shouldn't. |
At minimum, we need to display a warning to the user at key rotation. If they're doing it because they believe their old key is weak or compromised, they need to think hard about snapshots. |
Snapshots should be easy to set up, and one way to help is not to require the user's key to be stored twice, a chance for mistakes and skew.
Can KeyServer.Lookup ignore the +snapshot part, at least if a first lookup with it fails or some such?
The text was updated successfully, but these errors were encountered: