Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: remove policy-url metadata #297

Open
ananteris opened this issue Sep 8, 2019 · 1 comment · May be fixed by #298
Open

Feature Request: remove policy-url metadata #297

ananteris opened this issue Sep 8, 2019 · 1 comment · May be fixed by #298
Assignees
@romanz

Comments

@ananteris
Copy link

ananteris commented Sep 8, 2019
edited
Loading

The policy url custom subpacket (set to TREZOR-GPG) is shared when a public key is distributed. This metadata can hurt anonymity since it conveys that a public key's owner is also a Trezor owner/trezor-gpg user. This is bad for OPSEC.

If possible libagent/gpg/encode.py should find a different mechanism to determine signer_func which does not require additional key metadata.
@romanz romanz self-assigned this Sep 8, 2019
@romanz romanz linked a pull request Sep 9, 2019 that will close this issue
Open
@doolio
Copy link
Contributor

doolio commented Sep 3, 2023

How does one see this metadata in the public key?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@romanz romanz

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Don't store TREZOR marker inside public key romanz/trezor-agent
3 participants
@romanz @doolio @ananteris