[Sks-devel] Analyzing key server data
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sun Mar 22 22:50:28 CET 2015
On Sun 2015-03-22 10:33:01 -0500, Daniel Roesler wrote:
> I was under the impression that SKS verified signature packets both
> during upload and during gossip.
SKS does no cryptographic verification. :( Even if it were to start
doing verification, it's not clear how that would work with
certifications from keys it doesn't know about. And the introduction of
cryptographic verification would segment the SKS keyserver network into
those that do verification and those that do not; it's like applying a
filter -- it either needs to be done on all SKS instances or none of
them :/
--dkg
More information about the Gnupg-devel
mailing list