diff options
| author | Werner Koch <[email protected]> | 2021-02-02 18:53:21 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2021-02-02 18:53:21 +0000 |
| commit | 7f3ce66ec56a5aea6170b7eb1bda5626eb208c83 (patch) | |
| tree | 3d57f33c5290451c3034fa88eabed0ca2ca78678 /g10/getkey.c | |
| parent | gpg: Remove more or less useless tool gpgcompose. (diff) | |
| download | gnupg-7f3ce66ec56a5aea6170b7eb1bda5626eb208c83.tar.gz gnupg-7f3ce66ec56a5aea6170b7eb1bda5626eb208c83.zip | |
gpg: Remove support for PKA.
* g10/gpg.c (oPrintPKARecords): Remove.
(opts): Remove --print-pka-records.
(main): Remove "pka-lookups","pka-trust-increase" and other PKA stuff.
* g10/options.h (EXPORT_DANE_FORMAT): Remove.
(VERIFY_PKA_LOOKUPS, VERIFY_PKA_TRUST_INCREASE): Remove.
(KEYSERVER_HONOR_PKA_RECORD): Remove.
* g10/packet.h (pka_info_t): Remove.
(PKT_signature): Remove flags.pka_tried and pka_info.
* g10/parse-packet.c (register_known_notation): Remove
"[email protected]".
* g10/pkclist.c (check_signatures_trust): Remove PKA stuff.
* g10/call-dirmngr.c (gpg_dirmngr_get_pka): Remove.
* g10/export.c (parse_export_options): Remove "export-pka".
(do_export): Adjust for this.
(write_keyblock_to_output): Ditto.
(do_export_stream): Ditto.
(print_pka_or_dane_records): Rename to ...
(print_dane_records): this and remove two args. Remove PKA printing.
* g10/free-packet.c (free_seckey_enc, cp_pka_info): Adjust for removed
pka_info field.
* g10/getkey.c (get_pubkey_byname): Make AKL_PKA a dummy.
* g10/keyserver.c: Remove "honor-pka-record".
(keyserver_import_pka): Remove.
* g10/mainproc.c (get_pka_address): Remove.
(pka_uri_from_sig): Remove.
(check_sig_and_print): Remove code for PKA.
--
PKA (Public Key Association) was a DNS based key discovery method
which looked up fingerprint by mail addresses in the DNS. This goes
back to the conference where DKIM was suggested to show that we
already had a better method for this available with PGP/MIME. PKA was
was later superseded by an experimental DANE method and is today not
anymore relevant. It is anyway doubtful whether PKA was ever widely
used.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'g10/getkey.c')
| -rw-r--r-- | g10/getkey.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/g10/getkey.c b/g10/getkey.c index 85c7d3fdd..d4c991f85 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -1080,10 +1080,7 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode, break; case AKL_PKA: - mechanism_string = "PKA"; - glo_ctrl.in_auto_key_retrieve++; - rc = keyserver_import_pka (ctrl, name, &fpr, &fpr_len); - glo_ctrl.in_auto_key_retrieve--; + /* This is now obsolete. */ break; case AKL_DANE: @@ -1151,7 +1148,7 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode, /* Use the fingerprint of the key that we actually fetched. * This helps prevent problems where the key that we fetched * doesn't have the same name that we used to fetch it. In - * the case of CERT and PKA, this is an actual security + * the case of CERT, this is an actual security * requirement as the URL might point to a key put in by an * attacker. By forcing the use of the fingerprint, we * won't use the attacker's key here. */ |