gpg: Remove support for PKA.

* g10/gpg.c (oPrintPKARecords): Remove.
(opts): Remove --print-pka-records.
(main): Remove "pka-lookups","pka-trust-increase" and other PKA stuff.
* g10/options.h (EXPORT_DANE_FORMAT): Remove.
(VERIFY_PKA_LOOKUPS, VERIFY_PKA_TRUST_INCREASE): Remove.
(KEYSERVER_HONOR_PKA_RECORD): Remove.
* g10/packet.h (pka_info_t): Remove.
(PKT_signature): Remove flags.pka_tried and pka_info.
* g10/parse-packet.c (register_known_notation): Remove
"[email protected]".
* g10/pkclist.c (check_signatures_trust): Remove PKA stuff.
* g10/call-dirmngr.c (gpg_dirmngr_get_pka): Remove.
* g10/export.c (parse_export_options): Remove "export-pka".
(do_export): Adjust for this.
(write_keyblock_to_output): Ditto.
(do_export_stream): Ditto.
(print_pka_or_dane_records): Rename to ...
(print_dane_records): this and remove two args. Remove PKA printing.
* g10/free-packet.c (free_seckey_enc, cp_pka_info): Adjust for removed
pka_info field.
* g10/getkey.c (get_pubkey_byname): Make AKL_PKA a dummy.
* g10/keyserver.c: Remove "honor-pka-record".
(keyserver_import_pka): Remove.
* g10/mainproc.c (get_pka_address): Remove.
(pka_uri_from_sig): Remove.
(check_sig_and_print): Remove code for PKA.
--

PKA (Public Key Association) was a DNS based key discovery method
which looked up fingerprint by mail addresses in the DNS.  This goes
back to the conference where DKIM was suggested to show that we
already had a better method for this available with PGP/MIME.  PKA was
was later superseded by an experimental DANE method and is today not
anymore relevant.  It is anyway doubtful whether PKA was ever widely
used.

Signed-off-by: Werner Koch <[email protected]>

1 files changed, 0 insertions, 51 deletions

diff --git a/g10/pkclist.c b/g10/pkclist.c
index 643a0fb03..d53af7223 100644
--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -710,57 +710,6 @@ check_signatures_trust (ctrl_t ctrl, kbnode_t keyblock, PKT_public_key *pk,
   if ((trustlevel & TRUST_FLAG_DISABLED))
     log_info (_("Note: This key has been disabled.\n"));
 
-  /* If we have PKA information adjust the trustlevel. */
-  if (sig->pka_info && sig->pka_info->valid && !(uidbased && !targetuid))
-    {
-      unsigned char fpr[MAX_FINGERPRINT_LEN];
-      PKT_public_key *primary_pk;
-      size_t fprlen;
-      int okay;
-
-      primary_pk = xmalloc_clear (sizeof *primary_pk);
-      get_pubkey (ctrl, primary_pk, pk->main_keyid);
-      fingerprint_from_pk (primary_pk, fpr, &fprlen);
-      free_public_key (primary_pk);
-
-      if ( fprlen == 20 && !memcmp (sig->pka_info->fpr, fpr, 20) )
-        {
-          okay = 1;
-          write_status_text (STATUS_PKA_TRUST_GOOD, sig->pka_info->email);
-          log_info (_("Note: Verified signer's address is '%s'\n"),
-                    sig->pka_info->email);
-        }
-      else
-        {
-          okay = 0;
-          write_status_text (STATUS_PKA_TRUST_BAD, sig->pka_info->email);
-          log_info (_("Note: Signer's address '%s' "
-                      "does not match DNS entry\n"), sig->pka_info->email);
-        }
-
-      switch ( (trustlevel & TRUST_MASK) )
-        {
-        case TRUST_UNKNOWN:
-        case TRUST_UNDEFINED:
-        case TRUST_MARGINAL:
-          if (okay && opt.verify_options&VERIFY_PKA_TRUST_INCREASE)
-            {
-              trustlevel = ((trustlevel & ~TRUST_MASK) | TRUST_FULLY);
-              log_info (_("trustlevel adjusted to FULL"
-                          " due to valid PKA info\n"));
-            }
-          /* fall through */
-        case TRUST_FULLY:
-          if (!okay)
-            {
-              trustlevel = ((trustlevel & ~TRUST_MASK) | TRUST_NEVER);
-              log_info (_("trustlevel adjusted to NEVER"
-                          " due to bad PKA info\n"));
-            }
-          break;
-        }
-    }
-
   /* Now let the user know what up with the trustlevel. */
   switch ( (trustlevel & TRUST_MASK) )
     {