recommendation for key servers

Bernhard Reiter bernhard at intevation.de
Tue Jul 13 10:42:07 CEST 2021


On Wednesday 30 June 2021 19:35:25, Andrew Gallagher via Gnupg-devel wrote:
> The "permission-recording keyserver" as described here requires the
> various keyserver operators to trust each other to validate these
> permissions correctly. 

Not quite.
It is designed the other way around without "mandatory validation":
it allows for later opt-out or finding the party that publishes
unwanted information. So it can work on the first try.

And email servers also do not trust each other fully; they just delegate
and assume some initial trust.

> Technically, this could be done if the validating 
> keyserver signs the user IDs that it has personally checked, and each of
> its peers verifies this third-party sig against their own trusted
> keyservers list.

This comes with too much power for the "validating keyserver" to me.
My feeling is that this is unneeded.

Best Regards,
Bernhard

-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing Directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner