Re: shutdown of pgpkeys.co.uk and pgpkeys.uk

[Wiktor Kwapisiewicz]

Hi Gunnar,

> Hagrid is IMO a no-go: in order to solve the greatest shortcomings of
> SKS, it drops one of OpenPGP's greatest features: the Web of
> Trust. Yes, for many, the WoT is an anachronistic holdout... But many
> among us still believe in it.
>
> (...)
>
> (For full disclosure: I recently joined a PhD program, and my study
> subject is how to keep the decentralized properties of the WoT network
> while at the same time being able to counter the attacks we have seen
> on it).

You may be interested in this Merge Request:
https://gitlab.com/hagrid-keyserver/hagrid/-/merge_requests/176

In short this is about adding Attested Certifications support to
Hagrid. Attested Certifications are third-party signatures that are
"approved" by the key owner. This makes it easy to distinguish real
third-party signatures that the key owner cares for from flooded
signatures.

Sadly they are not yet supported in GnuPG but adding them to Hagrid may
be a good way to solve the "chicken and egg" problem with this feature.

For technical bits see rfc4880bis section 5.2.1: "0x16  Attested Key Signature"

https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-rfc4880bis-10#section-5.2.1

Kind regards,
Wiktor