Difficulty of fixing reconciliation

Robert J. Hansen rjh at sixdemonbag.org
Wed Aug 14 21:45:19 CEST 2019


> Can you give me a valid reason why anyone would want their key signed by
> 150,000 people or more?? How can you meet 150,000 people?

Sure, if you can give me a valid reason why I *should* give you a valid
reason.

Seriously.

I'm not a GnuPG developer.  I don't run an SKS keyserver.  I know a good
bit about the internals of both, but I wasn't involved in the decisions
and I'm getting really annoyed at people who expect me to be an
apologist just because they mistakenly think I'm more involved than I am.

Now that I've got that out of the way, welcome to the Zero-One-N rule.
It's a rule of thumb in software engineering that says to either allow
none of something, only one of something, or an arbitrary number of
somethings.  Either support no third-party signatures, one third-party
signature, or arbitrary numbers of them.  When the OpenPGP spec was
developed *more than twenty years ago* it was decided to support
arbitrary numbers of third-party signatures.  GnuPG faithfully
implements this spec, even though this policy has turned out to not be a
good idea.

If you want to be *productive*, get over on the IETF Working Group
mailing list and start asking how the next draft of the spec is going to
resolve this problem.  That's where the problem began.  That's where you
need to solve it.


