recommendation for key servers
justus at sequoia-pgp.org
Wed Jun 30 12:18:23 CEST 2021
Werner Koch via Gnupg-devel <gnupg-devel at gnupg.org> writes:
> On Sun, 27 Jun 2021 13:20, Tobias Wendorff said:
>> So maybe sign the contenting process using the private key in future?
> Casey Marshall wrote in the Hockeypuck 2.1 announcement :
> - Authenticated key management. This adds a couple of extra endpoints
> which allow a key owner to replace and delete their key,
> authenticated by signing the armored key in the request. This allows
> a key owner to still update their own key once it has been inflated
> beyond the key length limit.
> Blacklists and auth key management may also be of interest to keyserver
> operators subject to GDPR-related requests.
> However there was not much followup on this. If there is something in
> GnuPG we can do to support these features, we should do that sooner than
I fear that the mechanism has not been very well designed. In short, I
believe it is not complete, not functional, and dangerous:
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 519 bytes
Desc: not available
More information about the Gnupg-devel