Difficulty of fixing reconciliation

Werner Koch wk at gnupg.org
Wed Aug 14 22:12:19 CEST 2019


On Wed, 14 Aug 2019 15:45, rjh at sixdemonbag.org said:

> developed *more than twenty years ago* it was decided to support
> arbitrary numbers of third-party signatures.  GnuPG faithfully

At least OpenPGP has this:

  5.2.3.17.  Key Server Preferences

   (N octets of flags)

   This is a list of one-bit flags that indicate preferences that the
   key holder has about how the key is handled on a key server.  All
   undefined flags MUST be zero.

   First octet: 0x80 = No-modify
       the key holder requests that this key only be modified or updated
       by the key holder or an administrator of the key server.

GnuPG has always set this flag in anticipation that the keyservers will
eventually come up with an authenticated upload method.  As we all know
the keyserver developers didn't consider that a priority and
thus we are in the state we are in now.

At the first and only keyserver conference in 2000 this topic had been
on the agenda.  Due to the burst of the dotcom bubble we never got
together again and most thought that SKS was the way to go.  Recall that
it solved the problem with OpenPGP (HKP supported only 1 primary plus
one subkey) and the performance problem.

Since December 2013 it was pretty clear that the WoT and the keyservers
will have scaling problems.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.