> On 14 Aug 2019, at 23:38, Daniel Clery <d...@savevsgeek.com> wrote: > > If the keyserver implemented a signer blacklist, (which would scrub the > blacklisted signature from any current or incoming public keys), what > consequences am I missing?
This is known as “enumerating badness” and it doesn’t scale. You would only be able to identify a bad actor after its actions are noticed - by a human being. Also, if thousands of separate keys have signed another key, making it unusable, how do we decide which of those thousands of keys are legit and which the bad actors? Generating lots of keys on modern hardware is not difficult. A _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users