On 01/16/2018 07:12 PM, Andrew Gallagher wrote:
> On 16/01/18 17:19, Leo Gaspard wrote:
>> “on 2018-04-01, please expose only the master key and its revocation
>> certificate(s) to clients”
>
> IF you wanted to go this route, it would be easier for keyservers to
> only serve the master key + revocation cert for *all* cases where a
> revocation cert exists. What does it matter who signed a key that has
> been revoked, or what IDs it used to be tied to? It's dead, throw it away.

The important thing would actually be that the data is retained in the
database, as that wouldn't break sync. Aside from that the keyservers
would have to implement cryptography and verify that the revocation
certificate is accurate, this is within the scope of feasibility,
although wouldn't do anything one way or the other with regards to
security. Whether it would help privacy is also a questionable matter,
as the full data store is downloadable, so anyone can download it
containing the data wanting to be hidden.

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"By three methods we may learn wisdom: First, by reflection, which is
noblest; Second, by imitation, which is easiest; and third by
experience, which is the bitterest." (Confucius)

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
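
A sketch of the serve-time filter discussed in this message, added here as an example and not code from any keyserver implementation or from either poster: the stored packets are left intact so sync is unaffected, and only the primary key plus its key revocation signatures (type 0x20) are returned when a revocation passes the check. The function names, the `verify` callback (standing in for the cryptographic verification the message says keyservers would need) and the sample packets are assumptions; packet framing follows RFC 4880.

```python
TAG_SIGNATURE, TAG_PUBLIC_KEY, SIG_KEY_REVOCATION = 2, 6, 0x20

def parse_packets(data):
    """Split a binary OpenPGP key into (tag, raw_packet, body) tuples."""
    packets, i = [], 0
    while i < len(data):
        start, hdr = i, data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                      # new-format header
            tag, o1 = hdr & 0x3F, data[i + 1]
            if o1 < 192:                    # one-octet length
                length, i = o1, i + 2
            elif o1 < 224:                  # two-octet length
                length, i = ((o1 - 192) << 8) + data[i + 2] + 192, i + 3
            elif o1 == 255:                 # five-octet length
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths not handled")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            size = (1, 2, 4)[ltype]
            length, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        if i + length > len(data):
            raise ValueError("truncated packet")
        packets.append((tag, data[start:i + length], data[i:i + length]))
        i += length
    return packets

def sig_type(body):
    return body[2] if body[0] == 3 else body[1]   # v3 keeps the type in octet 2

def served_view(stored, verify):
    """Bytes to serve; `stored` stays intact. `verify(key_body, sig_body)` is an assumed caller-supplied crypto check."""
    packets = parse_packets(stored)
    if not packets or packets[0][0] != TAG_PUBLIC_KEY:
        raise ValueError("expected a primary key packet first")
    revs = []
    for tag, raw, body in packets[1:]:
        if tag != TAG_SIGNATURE:
            break                           # first user ID or subkey ends the key-level signatures
        if len(body) > 2 and sig_type(body) == SIG_KEY_REVOCATION and verify(packets[0][2], body):
            revs.append(raw)
    return packets[0][1] + b"".join(revs) if revs else stored

def pkt(tag, body):                         # builds constructed sample packets (body < 192 bytes)
    return bytes([0xC0 | tag, len(body)]) + body
```

A revocation signature that fails `verify` leaves the served key unchanged, so the filter only takes effect for revocations the server has actually checked.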