Key poisoning

Daniel Clery dan at savevsgeek.com
Thu Aug 15 00:38:09 CEST 2019


If the keyserver implemented a signer blacklist (which would scrub the
blacklisted signature from any current or incoming public keys), what
consequences am I missing?

In essence, shadowbanning a signing key. Keyservers without blacklist
support would still pass around the toxic keys, but only until they get
updated with the blacklist.

The notion of nothing getting deleted is a feature (as nice as it would be
to be able to nuke my keys from the 90s that never really got used to begin
with). Masking out signatures from bad actors seems like a valid solution.

It doesn't address all of the problems we're seeing now (core infrastructure
not in a maintainable state for the project, using effectively voodoo to do
its job)

But could be a start.
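
The scrubbing step proposed in the message above, as an added example (not part of the original post and not code from any keyserver): it walks the OpenPGP packets of a key and drops signature packets whose issuer key ID is on a blacklist. The function names, key IDs and sample packets are constructed; only v4 signatures in definite-length packets are handled, and the issuer key ID is read from the packet without verifying the signature.

```python
SIG_TAG, ISSUER = 2, 16  # signature packet tag; issuer key ID subpacket type

def read_length(buf, i):
    """Decode a new-format packet or subpacket length; return (length, next index)."""
    first = buf[i]
    if first < 192:
        return first, i + 1
    if first < 255:
        return ((first - 192) << 8) + buf[i + 1] + 192, i + 2
    return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5

def packets(data):
    """Yield (tag, body, raw) for each definite-length packet in data."""
    i = 0
    while i < len(data):
        start, hdr = i, data[i]
        if hdr & 0xC0 == 0xC0 and not 224 <= data[i + 1] < 255:  # new format
            tag, (length, i) = hdr & 0x3F, read_length(data, i + 1)
        elif hdr & 0xC0 == 0x80 and hdr & 3 != 3:                # old format
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        else:
            raise ValueError("partial/indeterminate length or bad header")
        yield tag, data[i:i + length], data[start:i + length]
        i += length

def issuers(sig):
    """Return issuer key IDs (hex) from both subpacket areas of a v4 signature."""
    found, pos = set(), 4
    for _ in range(2 if sig[0] == 4 else 0):  # hashed area, then unhashed
        end = pos + 2 + int.from_bytes(sig[pos:pos + 2], "big")
        j = pos + 2
        while j < end:
            n, j = read_length(sig, j)
            if n and sig[j] & 0x7F == ISSUER:  # mask off the critical bit
                found.add(sig[j + 1:j + n].hex().upper())
            j += n
        pos = end
    return found

def scrub(keyring, blacklist):
    """Drop every signature packet whose issuer key ID is blacklisted."""
    return b"".join(raw for tag, body, raw in packets(keyring)
                    if not (tag == SIG_TAG and issuers(body) & blacklist))

def make_sig(keyid):  # constructed v4 signature packet, not cryptographically valid
    return bytes.fromhex("c214 04100108 0000 000a 0910" + keyid + "0000")

BAD, GOOD = "DEADBEEFDEADBEEF", "0123456789ABCDEF"  # constructed key IDs
# Constructed key: stub public-key packet, user ID "a", then three signatures.
SAMPLE = bytes.fromhex("c60104 cd0161") + make_sig(GOOD) + make_sig(BAD) + make_sig(BAD)
```

Nothing is deleted from the stored key here: `scrub(SAMPLE, {BAD})` returns a filtered copy, which matches the "masking out" framing in the message.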