[Autocrypt] [Sks-devel] [openpgp-email] Keyservers and GDPR

Tobias Mueller muelli at cryptobitch.de
Wed Nov 7 18:17:25 CET 2018


On Wed, 2018-11-07 at 12:33 +0100, Wiktor Kwapisiewicz via Autocrypt
> If cryptographic verification was enough for X.509 there
> wouldn't be Certificate Transparency
CT solves a slightly different set of problems related to
the centralised trust model that we don't necessarily have.

That said, I think we can store revocations in the CT logs s.t. we can
at least have integrity protection and non-equivocation for those. Both
properties which we currently do not have when fetching them from the
key server.


More information about the Gnupg-devel mailing list