X-Git-Url: http://the.earth.li/gitweb/?p=onak.git;a=blobdiff_plain;f=onak.ini.in;h=fd6b9e499481245ba0645033e0f00744c96b5a09;hp=4dbf8305d516cf73fbf7a7447ac02efa96148c56;hb=76f079e5ebdb34acaaa2462a8d915ee06d3c8425;hpb=a799cc2909f47d918d1ec7171a9edba28a9f5136 diff --git a/onak.ini.in b/onak.ini.in index 4dbf830..fd6b9e4 100644 --- a/onak.ini.in +++ b/onak.ini.in @@ -9,16 +9,38 @@ logfile=@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/log/onak.log loglevel=3 ; Should we use the keyd backend? use_keyd=false -sock_dir=@CMAKE_INSTALL_FULL_RUNSTATEDIR@ +sock_dir=@CMAKE_INSTALL_FULL_RUNSTATEDIR@/onak ; Maximum number of keys to return in a reply to an index, verbose index or ; get. Setting it to -1 will allow any size of reply. max_reply_keys=128 ; Settings related to key verification options available. [verification] +; Blacklist certain fingerprints (e.g. EVIL32). One fingerprint per line, +; comment lines start with # +;blacklist=blacklist.txt +; Check the size of packets, dropping overly large UIDs / signature packets +; as per draft-dkg-openpgp-abuse-resistant-keystore 4.1 +;check_packet_size=false ; Verify signature hashes - verify that the hash a signature claims to be ; over matches the hash of the data. Does not actually verify the signature. check_sighash=true +; Drop v3 (and older) keys. These are long considered insecure, so unless there +; is a good reason you should accept this default. +drop_v3=true +; Specify that a key must have a certificate from another key in order for it +; to be accepted. Only valid when verify_signatures is set, meaning new keys +; can only be added if they are certified by keys already present. +;require_other_sig=false +; Only allow keys that already exist to be update; silently drop the addition +; of any key we don't already know about. Useful for allowing updates to +; curated keys without the addition of new keys. +;update_only=false +; Verify signatures, dropping those that cannot or do not validate. Keys/UIDS +; that lack valid self signatures will also be dropped. Note that in order to +; valid a signature the signing key must be present in the key database, so +; multiple passes may be required to import new keyrings fully. +;verify_signatures=false ; Settings related to the email interface to onak. [mail]