New keyserver at keys.openpgp.org - what's your take?
Robert J. Hansen
rjh at sixdemonbag.org
Mon Jul 1 15:26:38 CEST 2019
> We start from hagrid or something like it, and carefully add the ability
> to sync only the absolute minimum of data required to allow revocations
> to propagate. This probably means primary keys, their self-sigs and
> revocation sigs.

A thought that would unfortunately require an adjustment to the OpenPGP
spec itself: why do we put certification signatures on the target's
certificate, anyway?

If Alice 0xDEADBEEF certifies Bob 0xDECAFBAD, 0xDECAFBAD bears a
certification from 0xDEADBEEF. Why not reverse it? Why, when
looking at a certificate 0xDEADBEEF that says "Hi, I'm Alice!", do we
not see "And I certify that 0xDECAFBAD is really Bob"?

In some respects it would permit us to preserve an append-only signature
model. Only the certificate owner would be allowed to append a cert
signature to their cert.

The current debacle is completely the result of allowing *anyone* to
append a cert signature to *anyone else's* cert.

I am certain there's some subtle problem here I'm not seeing. But it's
worth a thought.

> * It MUST cryptographically verify all fetched material.

Note that this amounts to "SKS must die". SKS does no cryptographic
verification of material.
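
Added example, not part of the original message and not code from hagrid, SKS or GnuPG: a sketch of the issuer-side, owner-only append rule described above, combined with the "verify all fetched material" requirement. It assumes bare Ed25519 keys in place of OpenPGP primary keys and a made-up record layout; the names Cert, Certification, Certify and Append are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Certification is the issuer's statement "Target really belongs to TargetUID".
type Certification struct {
	Target    ed25519.PublicKey
	TargetUID string
	Sig       []byte
}

// Cert is a simplified stand-in for a certificate (not the OpenPGP packet format).
type Cert struct {
	Primary ed25519.PublicKey
	UserID  string
	Issued  []Certification // stored on the issuer's cert, not on the target's
}

var ErrNotOwner = errors.New("certification not signed by this certificate's primary key")

// payload is the byte string that gets signed (constructed layout, an assumption).
func payload(target ed25519.PublicKey, uid string) []byte {
	return append(append([]byte("certify:"), target...), uid...)
}

// Certify is run by the key owner to vouch for someone else's key.
func Certify(issuer ed25519.PrivateKey, target ed25519.PublicKey, uid string) Certification {
	return Certification{Target: target, TargetUID: uid, Sig: ed25519.Sign(issuer, payload(target, uid))}
}

// Append is the keyserver-side rule: verify first, accept only the owner's own signatures.
func (c *Cert) Append(x Certification) error {
	if !ed25519.Verify(c.Primary, payload(x.Target, x.TargetUID), x.Sig) {
		return ErrNotOwner
	}
	c.Issued = append(c.Issued, x)
	return nil
}

func main() {
	alicePub, alicePriv, _ := ed25519.GenerateKey(nil) // constructed sample keys
	bobPub, _, _ := ed25519.GenerateKey(nil)
	_, malloryPriv, _ := ed25519.GenerateKey(nil)
	alice := &Cert{Primary: alicePub, UserID: "Alice"}
	fmt.Println("owner appends:", alice.Append(Certify(alicePriv, bobPub, "Bob")))
	fmt.Println("third party appends:", alice.Append(Certify(malloryPriv, bobPub, "Bob")))
}
```

Under this rule a third party can still publish certifications, but only on their own certificate, so the size of any given certificate is controlled by its owner.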