[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] [openpgp-email] Keyservers and GDPR

From: Yegor Timoshenko
Subject: Re: [Sks-devel] [openpgp-email] Keyservers and GDPR
Date: Wed, 07 Nov 2018 10:04:39 -0000

> Purpose 4, distribution of key signatures, worked as long as
> people didn't used the key listings of the server or tools for
> more or less funny messages. Uploading key signature should be
> possible only by the holder of the key. However, to enforce
> this the keyservers need to employ real crypto and won't be a
> lean service anymore. I think the distribution of keyservers,
> for those who still want to use the WoT, can be replaced by
> sending the signed keys only back to owner. In fact tools like
> caff suggest this use case.

Storing signatures with issuing keys (instead of keys that are
being signed) should limit abuse potential while still allowing
for WoT.
> Purpose 5 is not relevant for OpenPGP key distribution and
> actually the reason why the keyserver network has more or less
> broken down.

World-writable storage is still a problem: even if no search is
present, at the very least means arbitrary writes. Proof of work
can both help limit this misuse vector.

Storing immutable data, distributed recon, proof of work, that
sounds like something a blockchain should do to me.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]