X-Git-Url: https://the.earth.li/gitweb/?a=blobdiff_plain;f=onak.ini.in;h=7149b5a7e56f6c8c8edc4a401e6a64a5b3474a7f;hb=c981a80699901eb3d513a4cc9355574a69016037;hp=4dbf8305d516cf73fbf7a7447ac02efa96148c56;hpb=a799cc2909f47d918d1ec7171a9edba28a9f5136;p=onak.git

diff --git a/onak.ini.in b/onak.ini.in
index 4dbf830..7149b5a 100644
--- a/onak.ini.in
+++ b/onak.ini.in
@@ -16,9 +16,28 @@ max_reply_keys=128
 
 ; Settings related to key verification options available.
 [verification]
+; Blacklist certain fingerprints (e.g. EVIL32). One fingerprint per line,
+; comment lines start with #
+;blacklist=blacklist.txt
 ; Verify signature hashes - verify that the hash a signature claims to be
 ; over matches the hash of the data. Does not actually verify the signature.
 check_sighash=true
+; Drop v3 (and older) keys. These are long considered insecure, so unless there
+; is a good reason you should accept this default.
+drop_v3=true
+; Specify that a key must have a certificate from another key in order for it
+; to be accepted. Only valid when verify_signatures is set, meaning new keys
+; can only be added if they are certified by keys already present.
+;require_other_sig=false
+; Only allow keys that already exist to be update; silently drop the addition
+; of any key we don't already know about. Useful for allowing updates to
+; curated keys without the addition of new keys.
+;update_only=false
+; Verify signatures, dropping those that cannot or do not validate. Keys/UIDS
+; that lack valid self signatures will also be dropped. Note that in order to
+; valid a signature the signing key must be present in the key database, so
+; multiple passes may be required to import new keyrings fully.
+;verify_signatures=false
 
 ; Settings related to the email interface to onak.
 [mail]