X-Git-Url: https://the.earth.li/gitweb/?a=blobdiff_plain;f=onak.ini.in;h=fd6b9e499481245ba0645033e0f00744c96b5a09;hb=6d60149434eed130c201d4d670ce7b3be5c2866b;hp=8989f0704a28832ed4685c8671b562bf1fd32c98;hpb=2708d5a06ad2ef872ea89aca822328f98a86e7cb;p=onak.git diff --git a/onak.ini.in b/onak.ini.in index 8989f07..fd6b9e4 100644 --- a/onak.ini.in +++ b/onak.ini.in @@ -9,19 +9,38 @@ logfile=@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/log/onak.log loglevel=3 ; Should we use the keyd backend? use_keyd=false -sock_dir=@CMAKE_INSTALL_FULL_RUNSTATEDIR@ +sock_dir=@CMAKE_INSTALL_FULL_RUNSTATEDIR@/onak ; Maximum number of keys to return in a reply to an index, verbose index or ; get. Setting it to -1 will allow any size of reply. max_reply_keys=128 ; Settings related to key verification options available. [verification] +; Blacklist certain fingerprints (e.g. EVIL32). One fingerprint per line, +; comment lines start with # +;blacklist=blacklist.txt +; Check the size of packets, dropping overly large UIDs / signature packets +; as per draft-dkg-openpgp-abuse-resistant-keystore 4.1 +;check_packet_size=false ; Verify signature hashes - verify that the hash a signature claims to be ; over matches the hash of the data. Does not actually verify the signature. check_sighash=true ; Drop v3 (and older) keys. These are long considered insecure, so unless there ; is a good reason you should accept this default. drop_v3=true +; Specify that a key must have a certificate from another key in order for it +; to be accepted. Only valid when verify_signatures is set, meaning new keys +; can only be added if they are certified by keys already present. +;require_other_sig=false +; Only allow keys that already exist to be update; silently drop the addition +; of any key we don't already know about. Useful for allowing updates to +; curated keys without the addition of new keys. +;update_only=false +; Verify signatures, dropping those that cannot or do not validate. Keys/UIDS +; that lack valid self signatures will also be dropped. Note that in order to +; valid a signature the signing key must be present in the key database, so +; multiple passes may be required to import new keyrings fully. +;verify_signatures=false ; Settings related to the email interface to onak. [mail]