New keyserver at - what's your take?

Werner Koch wk at
Mon Jul 1 18:26:20 CEST 2019

On Mon,  1 Jul 2019 14:55, andrewg at said:

> Yes, which is why we've informally had "let the owner choose whether to
> publish her incoming certifications" as best practice for a long time.

Actually gpg has always set the /Key Server Preferences/ to 

   First octet: 0x80 = No-modify
       the key holder requests that this key only be modified or updated
       by the key holder or an administrator of the key server.

assuming that at some point in the near future we would come up with a
scheme to actually allow to implement such a verification.  The problem
here is that PGP-5 and thus OpenPGP continued to use the PGP-2 model and
didn't defined key-signature as, for example, embedded signatures or
something similar.  We had no other chance here because the WoT was
heavily used for real and for ranking games.

Given that all public keyservers (there used to be others) didn't
verified any signatures it was not possible to implement an upload
scheme which guaranteed that key-signatures had been confirmed by the
key holder.  It has already been mentioned that this would have gone
against the design of the keyserver network to be a perpetual storage
system.  I recall that we discussed all these issues at the keyserver
admins conference in Utrecht back in 2000 and planned to do something
about it.  However, PGP Inc. was soon sold and interest in doing
something with the decentralized keyservers network diminished.  The new
SKS thing then made keyservers working for OpenPGP (the original HKP was
severely limited in accepting OpenPGP keys) but we all knew that if we
ever get really successful with OpenPGP the keyserver would not be able
to solve the key distribution task.  In fact we are here too similar to
X.509 and their CRL and OCSP problems.

> Cross-signing would enforce this, but the client-side tooling is lacking.

Cross-signing is not an easy solution because it can create a catch-22:
You can only import a key which has been cross-signed but for
cross-signing it needs to be imported.

An approval of a key signature by a self-signature would be the right
way - but a straightforward scheme would break the existing WoT and,
worse for some, the ranking.

The other and more important question is whether the WoT and thus
classical key signatures solve a real world problem for the _masses_.  I
doubt that and I can live without public (exportable) key-signatures.
Local key signatures are still a good idea as an annotation of imported



As stop-gap solution the next gpg release sports a
--keyserver-options self-sigs-only to allow importing of spammed keys.

Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list