New keyserver at keys.openpgp.org - what's your take?
Teemu Likonen
tlikonen at iki.fi
Fri Jun 14 16:25:05 CEST 2019
Wiktor Kwapisiewicz [2019-06-14 11:59:16+02] wrote:
> Storing endless amounts of data without any kind of verification was a
> bad idea. Maybe SKS was designed in good old times when no-one would
> try to take advantage of it but in 2019 validating e-mail address is
> bare minimum a service such as this should do.
>
> The current shortcoming is stripping third-party signatures. So Web of
> Trust wouldn't work (for good reasons described in the FAQ [0]). For
> some people this may be surprising.
It may turn out to be a good choice to leave other people's certificates
(third-party signatures) out. It seems to solve the storage abuse
problem and probably doesn't harm too much communities who need web of
trust. Generally web of trust works only in tight communities who can
really verify each other's keys. Such communities can easily distribute
their keys through their web site or other common resources. For larger
audience it's probably enough to have an easy and automatic key
discovery and key update service, such as this keys.openpgp.org seems to
be. I think.
--
/// Teemu Likonen <https://github.com/tlikonen> //
// PGP: 4E1055DC84E9DFF613D78557719D69D324539450 ///
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190614/249828e4/attachment.sig>
More information about the Gnupg-users
mailing list