> Purpose 4, distribution of key signatures, worked as long as
> people didn't used the key listings of the server or tools for
> more or less funny messages. Uploading key signature should be
> possible only by the holder of the key. However, to enforce
> this the keyservers need to employ real crypto and won't be a
> lean service anymore. I think the distribution of keyservers,
> for those who still want to use the WoT, can be replaced by
> sending the signed keys only back to owner. In fact tools like
> caff suggest this use case.
Storing and distributing signatures with issuing keys (instead of
keys that are being signed) should limit abuse potential while
still allowing for WoT.
> Purpose 5 is not relevant for OpenPGP key distribution and
> actually the reason why the keyserver network has more or less
> broken down.
World-writable storage is problematic even if there is no search.
Proof of work and some operator-controllable data removal
mechanism (like opt-in key blacklists) can help limit this attack
vector.
Storing immutable data, distributed recon, proof of work, that
sounds like something a blockchain should do to me.
_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel
