Home GnuPG
Diffusion GnuPG cc056eb534c1

dirmngr: Do not store the useless pgpSignerID in the LDAP.

Description

dirmngr: Do not store the useless pgpSignerID in the LDAP.

* dirmngr/ks-engine-ldap.c (extract_attributes): Do not store the
pgpSignerID.
* g10/call-dirmngr.c (ks_put_inq_cb): Do not emit sig records.

The pgpSignerID has no use in the LDAP and thus don't store it.
David's idea back in 2004 was

/* This bit is really for the benefit of people who
   store their keys in LDAP servers.  It makes it easy
   to do queries for things like "all keys signed by
   Isabella".  */

See-commit: 3ddd4410aef928827e1c8d4fb02c1ccd3f8eaea5

I consider this dangerous because such a query is not able to validate
the signature, does not get revocation signatures, and also has no
information about the validity of the signatures. Further many keys
are spammed tehse days with faked signatures and it does not make
sense to blow up the LDAP with such garbage.

  • Signed-off-by: Werner Koch <wk@gnupg.org>

Details

Provenance
wernerAuthored on Dec 14 2020, 3:18 PM
Parents
rG37a899d0e4fd: dirmngr: Fix adding keys to an LDAP server.
Branches
Unknown
Tags
Unknown