recommendation for key servers

Justus Winter justus at
Wed Jun 30 12:18:23 CEST 2021

Werner Koch via Gnupg-devel <gnupg-devel at> writes:

> On Sun, 27 Jun 2021 13:20, Tobias Wendorff said:
>> So maybe sign the contenting process using the private key in future?
> Casey Marshall wrote in the Hockeypuck 2.1 announcement [1]:
>   - Authenticated key management. This adds a couple of extra endpoints
>     which allow a key owner to replace and delete their key,
>     authenticated by signing the armored key in the request. This allows
>     a key owner to still update their own key once it has been inflated
>     beyond the key length limit.
>   Blacklists and auth key management may also be of interest to keyserver
>   operators subject to GDPR-related requests.
> However there was not much followup on this.  If there is something in
> GnuPG we can do to support these features, we should do that sooner than
> later.

I fear that the mechanism has not been very well designed.  In short, I
believe it is not complete, not functional, and dangerous:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 519 bytes
Desc: not available
URL: <>

More information about the Gnupg-devel mailing list