New keyserver at keys.openpgp.org - what's your take?

Robert J. Hansen rjh at sixdemonbag.org
Mon Jul 1 15:26:38 CEST 2019


> We start from hagrid or something like it, and carefully add the ability
> to sync only the absolute minimum of data required to allow revocations
> to propagate. This probably means primary keys, their self-sigs and
> revocation sigs.

A thought that would unfortunately require an adjustment to the OpenPGP
spec itself: why do we put certification signatures on the target's
certificate, anyway?

If Alice 0xDEADBEEF certifies Bob 0xDECAFBAD, 0xDECAFBAD bears a
certification from 0xDEADBEEF.  Why not reverse it?  Why, when looking
at a certificate 0xDEADBEEF that says "Hi, I'm Alice!", do we not see
"And I certify that 0xDECAFBAD is really Bob"?

In some respects it would permit us to preserve an append-only signature
model.  Only the certificate owner would be allowed to append a cert
signature to their cert.

The current debacle is completely the result of allowing *anyone* to
append a cert signature to *anyone else's* cert.

I am certain there's some subtle problem here I'm not seeing.  But it's
worth a thought.

> * It MUST cryptographically verify all fetched material.

Note that this amounts to "SKS must die".  SKS does no cryptographic
verification of material.
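The two layouts the message contrasts, as an added example that is not
part of the original post and not the code of any real keyserver: a
small in-memory keyserver that stores a certification either on the
target's certificate (today's layout) or on the certifier's own
certificate, and that appends nothing it has not first verified.  The
packet format, the keys and the identities Alice, Bob and Mallory are
constructed for the example; signatures are textbook RSA over fixed
Mersenne primes, which is insecure and is used only as a stand-in for
an OpenPGP signature packet so that the code runs on the Python
standard library alone.

```python
import hashlib
import json

E = 65537  # public exponent shared by every toy key


def digest(payload: dict, n: int) -> int:
    """Hash of the canonical packet body, reduced into the signer's modulus."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n


def verify(pub, payload: dict, sig: dict) -> bool:
    n, e = pub
    return pow(sig["sig"], e, n) == digest(payload, n)


class Key:
    """Textbook RSA from two Mersenne primes: a constructed, INSECURE stand-in
    for an OpenPGP key, used only so the example runs on the standard library."""

    def __init__(self, p_exp: int, q_exp: int):
        p, q = 2 ** p_exp - 1, 2 ** q_exp - 1
        self.n, self.pub = p * q, (p * q, E)
        self.d = pow(E, -1, (p - 1) * (q - 1))
        # Key ID derived from the key material (OpenPGP-style), not chosen by the owner.
        self.fpr = hashlib.sha256(f"{self.n}:{E}".encode()).hexdigest()[:16].upper()

    def sign(self, payload: dict) -> dict:
        return {"sig_by": self.fpr, "sig": pow(digest(payload, self.n), self.d, self.n)}


class Keyserver:
    """layout="forward": a certification is stored on the TARGET's certificate
    (today's OpenPGP).  layout="reverse": it is stored on the CERTIFIER's own
    certificate, and only the owner may append anything to a certificate."""

    def __init__(self, layout: str):
        self.layout = layout
        self.certs = {}  # fpr -> {"pub": (n, e), "packets": [(packet, sig), ...]}

    def submit(self, holder: str, packet: dict, sig: dict) -> bool:
        """Append `packet` to the certificate `holder`; True if accepted."""
        signer = self.certs.get(sig.get("sig_by"))
        # "MUST cryptographically verify all fetched material": nothing is
        # stored unless it verifies under a key the server already holds.
        if holder not in self.certs or signer is None or not verify(signer["pub"], packet, sig):
            return False
        # Self-sigs and revocations are owner-only in both layouts; in the
        # reverse layout EVERY append is, which is what turns "anyone may
        # write to anyone's cert" into "append-only by the owner".
        owner_only = packet.get("type") in ("selfsig", "revocation") or self.layout == "reverse"
        if owner_only and sig["sig_by"] != holder:
            return False
        self.certs[holder]["packets"].append((packet, sig))
        return True

    def publish(self, key: Key, uid: str) -> bool:
        self.certs.setdefault(key.fpr, {"pub": key.pub, "packets": []})
        packet = {"type": "selfsig", "key": key.fpr, "uid": uid}
        return self.submit(key.fpr, packet, key.sign(packet))

    def certify(self, certifier: Key, target: str, uid: str) -> bool:
        """Honest path: the certification goes where the layout says it lives."""
        packet = {"type": "cert", "target": target, "uid": uid, "by": certifier.fpr}
        holder = target if self.layout == "forward" else certifier.fpr
        return self.submit(holder, packet, certifier.sign(packet))

    def revoke(self, key: Key) -> bool:
        packet = {"type": "revocation", "key": key.fpr}
        return self.submit(key.fpr, packet, key.sign(packet))

    def certifiers_of(self, target: str) -> set:
        """Forward: read the target's cert.  Reverse: scan (or index) everyone's."""
        scope = [self.certs[target]] if self.layout == "forward" else self.certs.values()
        return {p["by"] for c in scope for p, _ in c["packets"]
                if p.get("type") == "cert" and p.get("target") == target}


def scenario(layout: str) -> dict:
    # Same honest and hostile traffic against one layout (constructed keys).
    alice, bob, mallory = Key(61, 89), Key(107, 127), Key(521, 607)
    ks = Keyserver(layout)
    for k, uid in ((alice, "Alice <alice@example.org>"), (bob, "Bob <bob@example.org>"),
                   (mallory, "Mallory")):
        ks.publish(k, uid)
    honest = ks.certify(alice, bob.fpr, "Bob <bob@example.org>")
    # Flood: Mallory bolts 50 validly signed certifications straight onto Bob's cert.
    flood = 0
    for i in range(50):
        pkt = {"type": "cert", "target": bob.fpr, "uid": f"junk-{i}", "by": mallory.fpr}
        flood += ks.submit(bob.fpr, pkt, mallory.sign(pkt))
    # Forgery: claims to be Alice's signature but was made with Mallory's key.
    pkt = {"type": "cert", "target": bob.fpr, "uid": "Bob", "by": alice.fpr}
    forged = ks.submit(bob.fpr, pkt, dict(mallory.sign(pkt), sig_by=alice.fpr))
    # Hostile revocation: Mallory signs a revocation of Bob's key.
    pkt = {"type": "revocation", "key": bob.fpr}
    fake_revoke = ks.submit(bob.fpr, pkt, mallory.sign(pkt))
    revoked = ks.revoke(bob)  # Bob's own revocation still propagates in both layouts
    vouchers = ks.certifiers_of(bob.fpr)
    return {"honest_accepted": honest, "flood_accepted": flood, "forged_accepted": forged,
            "fake_revocation_accepted": fake_revoke, "bob_revokes_ok": revoked,
            "bob_cert_packets": len(ks.certs[bob.fpr]["packets"]),
            "alice_vouches": alice.fpr in vouchers, "mallory_vouches": mallory.fpr in vouchers}
```

Running scenario("forward") and scenario("reverse") side by side makes
the point of the message concrete: in the forward layout all fifty of
Mallory's validly signed certifications land on Bob's certificate, so
signature verification by itself does nothing against growth; in the
reverse layout every one of them is refused because the signing key is
not the certificate owner's, while Alice's honest certification and
Bob's own revocation are accepted in both.  The cost shows up in
certifiers_of: answering "who vouches for Bob?" becomes a scan, or a
maintained index, over everyone's certificates instead of a read of
Bob's.  Mallory can still bloat Mallory's own certificate in the
reverse layout, but nobody else's.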
