From cc056eb534c1b8f7d1a90af3b9ecb9d6b2f322fa Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Mon, 14 Dec 2020 15:18:01 +0100 Subject: dirmngr: Do not store the useless pgpSignerID in the LDAP. * dirmngr/ks-engine-ldap.c (extract_attributes): Do not store the pgpSignerID. * g10/call-dirmngr.c (ks_put_inq_cb): Do not emit sig records. -- The pgpSignerID has no use in the LDAP and thus don't store it. David's idea back in 2004 was /* This bit is really for the benefit of people who store their keys in LDAP servers. It makes it easy to do queries for things like "all keys signed by Isabella". */ See-commit: 3ddd4410aef928827e1c8d4fb02c1ccd3f8eaea5 I consider this dangerous because such a query is not able to validate the signature, does not get revocation signatures, and also has no information about the validity of the signatures. Further many keys are spammed tehse days with faked signatures and it does not make sense to blow up the LDAP with such garbage. Signed-off-by: Werner Koch --- dirmngr/ks-engine-ldap.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'dirmngr/ks-engine-ldap.c') diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c index 11c922eac..7d61313d9 100644 --- a/dirmngr/ks-engine-ldap.c +++ b/dirmngr/ks-engine-ldap.c @@ -1737,9 +1737,6 @@ extract_attributes (LDAPMod ***modlist, char *line) if (is_sub) modlist_add (modlist, "pgpSubKeyID", keyid); - - if (is_sig) - modlist_add (modlist, "pgpSignerID", keyid); } if (is_pub) @@ -1967,7 +1964,6 @@ ks_ldap_put (ctrl_t ctrl, parsed_uri_t uri, modlist_add (&modlist, "pgpKeyType", NULL); modlist_add (&modlist, "pgpUserID", NULL); modlist_add (&modlist, "pgpKeyCreateTime", NULL); - modlist_add (&modlist, "pgpSignerID", NULL); modlist_add (&modlist, "pgpRevoked", NULL); modlist_add (&modlist, "pgpSubKeyID", NULL); modlist_add (&modlist, "pgpKeySize", NULL); -- cgit v1.2.3