Andrew Gallagher andrewg at andrewg.com
Tue Jan 16 19:50:45 CET 2018

> On 16 Jan 2018, at 18:15, Kristian Fiskerstrand <kristian.fiskerstrand at sumptuouscapital.com> wrote:
>> On 01/16/2018 07:12 PM, Andrew Gallagher wrote:
>>> On 16/01/18 17:19, Leo Gaspard wrote:
>>> “on 2018-04-01, please expose only the master key and its revocation
>>> certificate(s) to clients”
>> IF you wanted to go this route, it would be easier for keyservers to
>> only serve the master key + revocation cert for *all* cases where a
>> revocation cert exists. What does it matter who signed a key that has
>> been revoked, or what IDs it used to be tied to? It's dead, throw it away.
> The important thing would actually be that the data is retained in the
> database, as that wouldn't break sync.

Yes, absolutely. This would be a presentational fix. It would also be a method of giving people a way around right to be forgotten - revoke your cert and your info becomes more or less unsearchable. 

> this is within the scope of feasibility,
> although wouldn't do anything one way or the other with regards to
> security. Whether it would help privacy is also a questionable matter,
> as the full data store is downloadable, so anyone can download it
> containing the data wanting to be hidden.

Agreed. I was thinking more along the lines of having some method of causing signature vandalism to expire.  


More information about the Gnupg-users mailing list