New keyserver at - what's your take?

Andrew Gallagher andrewg at
Mon Jul 1 15:29:41 CEST 2019

> On 1 Jul 2019, at 13:36, Andrew Gallagher <andrewg at> wrote:
> We start from hagrid or something like it, and carefully add the ability
> to sync only the absolute minimum of data required to allow revocations
> to propagate. This probably means primary keys, their self-sigs and
> revocation sigs.

Or alternatively, we start with either hockeypuck or SKS (yes, I know) and carefully cripple them. 

Thinking about this a bit more, and with the DNS comparison in mind, it may be best if caching keyservers and validating keyservers were two entirely different things, to make sure we don’t accidentally open ourselves to a cache poisoning attack. 


More information about the Gnupg-users mailing list