New keyserver at keys.openpgp.org - what's your take?

Andrew Gallagher andrewg at andrewg.com
Mon Jul 1 15:29:41 CEST 2019


> On 1 Jul 2019, at 13:36, Andrew Gallagher <andrewg at andrewg.com> wrote:
> 
> We start from hagrid or something like it, and carefully add the ability
> to sync only the absolute minimum of data required to allow revocations
> to propagate. This probably means primary keys, their self-sigs and
> revocation sigs.

Or alternatively, we start with either hockeypuck or SKS (yes, I know) and carefully cripple them. 

Thinking about this a bit more, and with the DNS comparison in mind, it may be best if caching keyservers and validating keyservers were two entirely different things, to make sure we don’t accidentally open ourselves to a cache poisoning attack. 

A
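As an added example (not code from this thread, nor from hagrid, hockeypuck or SKS): a Python filter that reduces a key's OpenPGP packet stream to the minimum the message above lists, the primary key plus the signatures made directly over it (direct-key self-sigs and key revocations), so a sync peer is offered nothing else. Packet framing and signature-type codes follow RFC 4880; the sample key at the bottom is constructed with placeholder bodies.

```python
# RFC 4880 packet tags and signature types used by the filter.
PUBLIC_KEY, SIGNATURE = 6, 2
KEEP_SIG_TYPES = {0x1F, 0x20}  # direct-key self-sig, primary key revocation

def parse_packets(data: bytes):
    """Yield (tag, body) per packet (RFC 4880 4.2); partial/indeterminate lengths rejected."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("bad packet header at offset %d" % i)
        if hdr & 0x40:  # new-format header
            tag, b = hdr & 0x3F, data[i + 1]
            if b < 192:
                length, i = b, i + 2
            elif b < 224:
                length, i = ((b - 192) << 8) + data[i + 2] + 192, i + 3
            elif b == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths are not supported")
        else:  # old-format header: 1-, 2- or 4-octet length; indeterminate (3) rejected
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not supported")
            n = (1, 2, 4)[ltype]
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        body = data[i:i + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        yield tag, body
        i += length
def sig_type(body: bytes) -> int:  # type octet: offset 2 for v3, offset 1 for v4+ (RFC 4880 5.2)
    return body[2] if body[0] == 3 else body[1]
def new_packet(tag: int, body: bytes) -> bytes:
    """Serialise a packet with a new-format header (one-, two- or five-octet length)."""
    n = len(body)
    if n < 192:
        return bytes([0xC0 | tag, n]) + body
    if n < 8384:
        return bytes([0xC0 | tag, ((n - 192) >> 8) + 192, (n - 192) & 0xFF]) + body
    return bytes([0xC0 | tag, 255]) + n.to_bytes(4, "big") + body

def minimal_sync_view(data: bytes) -> bytes:
    """Keep only primary keys and signatures made directly over them; drop everything else."""
    return b"".join(new_packet(t, b) for t, b in parse_packets(data)
                    if t == PUBLIC_KEY or (t == SIGNATURE and sig_type(b) in KEEP_SIG_TYPES))
# Constructed sample, placeholder bodies: key, user ID, cert self-sig 0x13, subkey, binding 0x18, revocation 0x20.
SAMPLE = b"".join(new_packet(t, b) for t, b in [(6, b"\x04" * 9), (13, b"alice"),
    (2, bytes([4, 0x13, 1, 8])), (14, b"\x04" * 9), (2, bytes([4, 0x18, 1, 8])), (2, bytes([4, 0x20, 1, 8]))])
```

This is only the data-minimisation step on the caching side; the validating side must still verify each retained signature against the primary key before it accepts or serves the revocation, otherwise the cache poisoning the message warns about is merely narrowed, not prevented.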