Preserving non-central and privacy with a "permission recording keyserver"

Dirk Gottschalk dirk.gottschalk1980 at
Wed Jul 10 23:28:47 CEST 2019

Hello Werner

Am Mittwoch, den 10.07.2019, 19:54 +0200 schrieb Werner Koch:
> On Wed, 10 Jul 2019 10:27, andrewg at said:
> > I don't think we should ever delete the full dataset (i.e.
> > including the
> > primary). We still need to be able to distribute revocations, and
> > that's
> > only going to work if they're attached to something.
> Some folks are talking about privacy reasons not to distribute the
> user-id.  I don't buy this argument because the user has already
> given his consent (with most MUAs and with gpg's command line) to use
> a mail address along with a key and the specific format is a
> requirement.

Yes, that's my thaught.


> A key on a keyserver should never be searchable by user-id.  It is
> not required and only an attractor to use the keyserver as free and
> searchable data storage.  We only need lookups by fingerprint.  Keys
> should in general be discovered by other reliable mail to key mapping
> services.  If that is not possible there is always the fallback to
> first send a signed mail and the recipients tool can then lookup the
> key via the fingerprint (which is embedded in the signature) at a
> keyserver.

Then, the --search-keys option og gpg CLI is obsolete. That would be
okay, but this option should be disables in newer versions of gpg.


Dirk Gottschalk

GPG: 4278 1FCA 035A 9A63 4166  CE11 7544 0AD9 4996 F380

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the Gnupg-devel mailing list