Allowing import of pubkeys without User ID

Werner Koch wk at
Fri Jan 13 15:30:00 CET 2023

On Fri, 13 Jan 2023 12:15, Andrew Gallagher said:

> system) to keep trying the other methods. But if we get a “key
> revoked” error, then we have a definite answer and can stop
> looking. The client-side/user behaviour changes depending on the

You can't stop because you would trust the statement from the keyserver.
Which is not what keyservers are made for.  Thus even after you get a
revoked status from a keyserver you need to fetch the public key and
verify the revocation certificate.

> a self-sig, it makes sense to allow self-sigs and their primaries to
> be distributed regardless of whether they are “usable” in a
> client-side sense.

You can do between the keyservers whatever you want.  If you want to
validate the keyblock you need the user id and need to verify the
self-sig before you allow fetching that keyblock (maybe restricted to
the requested user id)



The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gnupg-devel mailing list