On 10.12.2018 17:32, Stefan Claas wrote:
> Yes, it seems it would be a good start. However, if unwanted data can then be still
> submitted remains to be seen, because what if anonymous email services would use
> DKIM too?

Well, it depends on the implementation. In the current keyserver model everyone can append signatures to everyone's keys, because the design assumed that it's good that other people can certify your key and didn't predict "trollwot". But it's technically possible to accept key signatures for a key only from the key owner. Of course implementing that in SKS would take a lot of work.

Then if someone used an anonymous e-mail service they could update only their keys. If you consider that a risk then the software shouldn't accept foreign keys at all, as e-mail verification won't solve the SPAM problem in general.

That is also a benefit of WKD, because everyone takes care of their own keys and no one has to volunteer to host other people's stuff.

> As per Werner's suggestion to make only the fingerprint available for (Web/API) searches,
> is also a thing, because like I previously said a list of fingerprints for example can still be

This would solve some problems but not others.

I think Web Key Directory (for people controlling their domains) coupled with Autocrypt (for everyone else) already solves a large number of use cases people need key servers for.

The only real problem that keyservers are good at is storing revocations in a way that is hard to delete. But if that is so "maybe we need just a revocation server", as someone said at the OpenPGP Email Summit 2018 (https://wiki.gnupg.org/EmailSummit2018Notes).

Kind regards,
Wiktor

-- 
https://metacode.biz/@wiktor

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users