all: should not need to have separate key for ann+snapshot@example.com #194
Comments
|
Agreed. We already give +snapshot special treatment in the DirServer, might as well avoid the key hassle. I'll handle this on the key/server side. |
|
There are security implications here. We need to discuss this further
before jumping into it.
…On 21 February 2017 at 05:32, Eduardo Pinheiro ***@***.***> wrote:
Agreed. We already give +snapshot special treatment in the DirServer,
might as well avoid the key hassle. I'll handle this on the key/server side.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#194 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AIDilYEjrBNmCHSKSK1NGCbtAvuLW9wfks5redw_gaJpZM4MFvFj>
.
|
|
@n2vi for final security consideration. However, I just realized this wouldn't help anything. For two reasons:
What I'm getting to is that implicitly sending the public keys of the owner in response to the +snapshot look up would not help when keys diverge. And it would seem to one paranoid about security that the keyserver is lying. For these reasons, I now think we shouldn't. |
|
At minimum, we need to display a warning to the user at key rotation. If they're doing it because they believe their old key is weak or compromised, they need to think hard about snapshots. |
Snapshots should be easy to set up, and one way to help is not to require the user's key to be stored twice, a chance for mistakes and skew.
Can KeyServer.Lookup ignore the +snapshot part, at least if a first lookup with it fails or some such?
The text was updated successfully, but these errors were encountered: