Preserving non-central and privacy with a "permission recording keyserver"

Andrew Gallagher andrewg at
Wed Jul 10 11:27:19 CEST 2019

On 10/07/2019 10:18, Dirk Gottschalk wrote:
> A compromised key will not be deleted in Werners scenario, just
> stripped down to primary key and revocation. Not a full Detetion. The
> confirmation is for the scenario when the full dataset should be
> deleted. Porobably I misunderstood Werner.

Maybe *I* misunderstood Werner. :-)

I don't think we should ever delete the full dataset (i.e. including the
primary). We still need to be able to distribute revocations, and that's
only going to work if they're attached to something.

Compromised keys shouldn't be searchable by ID, so deleting everything
except the primary makes sense in such cases. Merely superseded keys
should be searchable by ID because we may wish to verify historical
signatures, and that's only possible if they are stored in full.

Andrew Gallagher

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-devel mailing list