Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Tue Jan 16 19:15:45 CET 2018

On 01/16/2018 07:12 PM, Andrew Gallagher wrote:
> On 16/01/18 17:19, Leo Gaspard wrote:
>> “on 2018-04-01, please expose only the master key and its revocation
>> certificate(s) to clients”
> IF you wanted to go this route, it would be easier for keyservers to
> only serve the master key + revocation cert for *all* cases where a
> revocation cert exists. What does it matter who signed a key that has
> been revoked, or what IDs it used to be tied to? It's dead, throw it away.

The important thing would actually be that the data is retained in the
database, as that wouldn't break sync. Aside from that the keyservers
would have to implement cryptography and verify that the revocation
certificate is accurate, this is within the scope of feasibility,
although it wouldn't do anything one way or the other with regard to
security. Whether it would help privacy is also a questionable matter,
as the full data store is downloadable, so anyone can download it
containing the data wanting to be hidden.

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"By three methods we may learn wisdom: First, by reflection, which is
noblest; Second, by imitation, which is easiest; and third by
experience, which is the bitterest."
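
Added illustration (not part of the original message, and not SKS or any keyserver's code): a serve-time filter that returns only the primary key and its key revocation signature(s) when one exists, while the stored blob used for sync stays untouched. The names packets, served_view, pkt and SAMPLE are hypothetical; the packet header layout and signature type 0x20 follow RFC 4880; the revocation is not cryptographically verified, which is the part the message says a keyserver would still have to implement.

```python
PUBKEY, SIG, USERID, SUBKEY = 6, 2, 13, 14   # RFC 4880 packet tags
KEY_REVOCATION = 0x20                        # RFC 4880 signature type

def packets(blob):
    """Yield (tag, sig_type or None, raw packet bytes); definite lengths only."""
    i = 0
    while i < len(blob):
        start, first = i, blob[i]
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                     # new-format header
            tag, o1 = first & 0x3F, blob[i + 1]
            if o1 < 192:
                length, i = o1, i + 2
            elif o1 < 224:
                length, i = ((o1 - 192) << 8) + blob[i + 2] + 192, i + 3
            elif o1 == 255:
                length, i = int.from_bytes(blob[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths not handled")
        else:                                # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            size = 1 << ltype                # 1, 2 or 4 length octets
            length, i = int.from_bytes(blob[i + 1:i + 1 + size], "big"), i + 1 + size
        body = blob[i:i + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        i += length
        sig_type = None
        if tag == SIG and len(body) > 2:     # v3 keeps the type in octet 2, v4 in octet 1
            sig_type = body[2] if body[0] == 3 else body[1]
        yield tag, sig_type, blob[start:i]

def served_view(stored):
    """Bytes sent to a client; the stored blob used for sync is left untouched."""
    pkts = list(packets(stored))
    revs = [raw for tag, st, raw in pkts if tag == SIG and st == KEY_REVOCATION]
    if not pkts or pkts[0][0] != PUBKEY or not revs:
        return stored                        # no revocation: serve the key as stored
    return pkts[0][2] + b"".join(revs)       # NOTE: revocation is NOT verified here

def pkt(tag, body):                          # helper for the constructed sample below
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed placeholder bytes, not a real key.
SAMPLE = (pkt(PUBKEY, b"\x04" + b"K" * 20) + pkt(SIG, bytes([4, KEY_REVOCATION]) + b"R" * 10)
          + pkt(USERID, b"Alice <alice@example.org>") + pkt(SIG, bytes([4, 0x13]) + b"C" * 10)
          + pkt(SUBKEY, b"\x04" + b"S" * 20) + pkt(SIG, bytes([4, 0x18]) + b"B" * 10))
```

Because the filter only reads the stored bytes, anyone who downloads the full data store still gets the user IDs and certifications, which is the privacy limit the message describes.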
