Web of Trust spam prevention (was: Re: recommendation for key servers)

Andrew Gallagher andrewg at andrewg.com
Thu Jul 1 02:39:14 CEST 2021

> On 1 Jul 2021, at 01:01, Jacob Bachmeyer <jcb62281 at gmail.com> wrote:
> As I see the problem, links in the Web of Trust should be symmetric:  if Alice has verified Bob's key, Bob should have also verified Alice's key.  Enforcing this would eliminate spam signatures, but would also require some way for the system to recognize the intermediate state where Bob has uploaded his signature for Alice's key but Alice has not yet uploaded her signature for Bob's key.

The intermediate state doesn’t have to use keyservers at all. Bob signs Alice’s key and simply emails it back to her. She then has the option of attesting Bob’s signature and publishing it, or not, as she ses fit. 


More information about the Gnupg-devel mailing list