New keyserver at keys.openpgp.org - what's your take?
Wiktor Kwapisiewicz
wiktor at metacode.biz
Sat Jun 15 22:30:25 CEST 2019
Hi Konstantin,
On Fri Jun 14, 2019 at 11:19 AM Konstantin Ryabitsev wrote:
> 1. implement the regular --send-key --recv-key api
This is already implemented.
> 2. when accepting a --send-key, check to make sure at least one of the
> uid's matches an allow-list of identities (for example, from a dump of
> all authors/committers in linux.git)
I guess this could be implemented as a white-list of e-mails.
I hope you don't mind but I've mentioned this use-case on their issue
tracker:
https://gitlab.com/hagrid-keyserver/hagrid/issues/55#note_181698023
> 3. perform email verification using the matching identity from #2
If filtering would be implemented this would also work as is.
> 4. store all key data without stripping out 3rd-party signatures
As far as I understood the Hagrid keyserver developers they're not
against 3rd-party signatures per se, just don't like the idea of anyone
appending data to keys. The answer on the FAQ seems quite open:
https://keys.openpgp.org/about/faq#third-party-signatures
> I guess it would be easy enough to hack that into hagrid, but that would
> mean a hard fork and I'd avoid that at all costs.
I think it would be useful to bring it to Hagrid developers (either on
the issue tracker, via e-mail or #hagrid on IRC). From my experience
they're listening to feedback :)
Have a nice evening!
Kind regards,
Wiktor
--
https://metacode.biz/@wiktor
More information about the Gnupg-users
mailing list