> We start from hagrid or something like it, and carefully add the ability
> to sync only the absolute minimum of data required to allow revocations
> to propagate. This probably means primary keys, their self-sigs and
> revocation sigs.

A thought that would unfortunately require an adjustment to the OpenPGP spec itself: why do we put certification signatures on the target's certificate, anyway?

If Alice 0xDEADBEEF certifies Bob 0xDECAFBAD, 0xDECAFBAD bears a certification from 0xDEADBEEF. Why not reverse it? Why, when looking at a certificate 0xDEADBEEF that says "Hi, I'm Alice!", do we not see "And I certify that 0xDECAFBAD is really Bob"?

In some respects it would permit us to preserve an append-only signature model. Only the certificate owner would be allowed to append a cert signature to their cert. The current debacle is completely the result of allowing *anyone* to append a cert signature to *anyone else's* cert.

I am certain there's some subtle problem here I'm not seeing. But it's worth a thought.

> * It MUST cryptographically verify all fetched material.

Note that this amounts to "SKS must die". SKS does no cryptographic verification of material.
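
The owner-only append rule proposed in this message, combined with the quoted requirement to verify all fetched material, as an added Go sketch that is not part of the original e-mail or of any keyserver's code. `Cert`, `Store`, `statement` and the short ids are hypothetical, and Ed25519 stands in for OpenPGP signatures.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Cert is a simplified stand-in for an OpenPGP certificate, not the real packet format.
type Cert struct {
	Primary   ed25519.PublicKey
	Certifies []string // outbound certifications made by this certificate's owner
}

// Store is a hypothetical keyserver that verifies everything it accepts.
type Store struct{ certs map[string]*Cert }

func (s *Store) Add(pk ed25519.PublicKey) string {
	id := fmt.Sprintf("%X", pk[:4]) // constructed short id, not a real fingerprint
	s.certs[id] = &Cert{Primary: pk}
	return id
}

// statement is the byte string signed for "issuer certifies that target is label".
func statement(i, t, l string) []byte { return []byte("certify|" + i + "|" + t + "|" + l) }

// Append stores a certification on the issuer's own certificate, and only when
// the signature verifies under that certificate's primary key.
func (s *Store) Append(issuer, target, label string, sig []byte) error {
	c := s.certs[issuer]
	if c == nil || !ed25519.Verify(c.Primary, statement(issuer, target, label), sig) {
		return errors.New("rejected: not signed by the certificate owner")
	}
	c.Certifies = append(c.Certifies, target+" is "+label)
	return nil
}

// demo returns the owner's append result, a stranger's append result, and the stored count.
func demo() (ownerErr, strangerErr error, stored int) {
	s := &Store{certs: map[string]*Cert{}}
	alicePub, alicePriv, _ := ed25519.GenerateKey(nil)
	_, strangerPriv, _ := ed25519.GenerateKey(nil)
	alice := s.Add(alicePub)
	msg := statement(alice, "DECAFBAD", "Bob") // constructed target id, taken from the text
	ownerErr = s.Append(alice, "DECAFBAD", "Bob", ed25519.Sign(alicePriv, msg))
	strangerErr = s.Append(alice, "DECAFBAD", "Bob", ed25519.Sign(strangerPriv, msg))
	return ownerErr, strangerErr, len(s.certs[alice].Certifies)
}

func main() { fmt.Println(demo()) }
```

The store needs only the certificate's own primary key to decide whether an append is valid, so a signature from any other key is refused before it is stored.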