New keyserver at keys.openpgp.org - what's your take?

Andrew Gallagher andrewg at andrewg.com
Sun Jun 16 14:49:30 CEST 2019


> On 16 Jun 2019, at 12:51, Vincent Breitmoser <look at my.amazin.horse> wrote:
> 
> 
>> Maybe you can consider in the future at least to allow CA sigs.
>> Those would be only one sig per key and the CA signing keys
>> could be stored in your database as reference as well.
>> 
>> Currently 3 CAs come to mind: Governikus, Heise and CAcert.
> 
> Interesting thought!  I would be a bit worried about slipping into a gatekeeper
> role, but at least there are no technical issues with this.

I would recommend that if you want to go down the road of selectively allowing some third-party sigs, the only honest and transparent way is to allow the leaf certs to determine which sigs are allowed on themselves, via cross signing. If a CA wants to make this process cleaner for the end user, it can be done through tooling.

A


