key distribution/verification/update mechanisms other than keyservers

Andrew Gallagher andrewg at
Wed Jan 17 16:51:07 CET 2018

On 17/01/18 15:32, Daniel Kahn Gillmor wrote:
> i don't think you need an extension to OpenPGP at all to do this -- you
> just need policy.  The policy could be (for example):

The main technical question is where should this policy be applied?

1. At upload stage - easy to implement, but requires all keyservers to
cooperate. It also means starting from an empty set, effectively
building a parallel keyserver network from scratch.

2. At replication stage - this would be effective, but to the best of
our knowledge would cripple the algorithm.

3. At search/display stage - almost as easy as 1, although more
computationally intensive as it would need to be calculated per download
(caching may help). Can be retrofitted to existing keyservers.

Andrew Gallagher

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 862 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-users mailing list