key distribution/verification/update mechanisms other than keyservers
Andrew Gallagher
andrewg at andrewg.com
Wed Jan 17 16:51:07 CET 2018
On 17/01/18 15:32, Daniel Kahn Gillmor wrote:
> i don't think you need an extension to OpenPGP at all to do this -- you
> just need policy. The policy could be (for example):
The main technical question is where should this policy be applied?
1. At upload stage - easy to implement, but requires all keyservers to
cooperate. It also means starting from an empty set, effectively
building a parallel keyserver network from scratch.
2. At replication stage - this would be effective, but to the best of
our knowledge would cripple the algorithm.
3. At search/display stage - almost as easy as 1, although more
computationally intensive as it would need to be calculated per download
(caching may help). Can be retrofitted to existing keyservers.
--
Andrew Gallagher
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 862 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180117/bdc8c9c6/attachment.sig>
More information about the Gnupg-users
mailing list