> On 1 Jul 2019, at 13:36, Andrew Gallagher <andr...@andrewg.com> wrote:
>
> We start from hagrid or something like it, and carefully add the ability
> to sync only the absolute minimum of data required to allow revocations
> to propagate. This probably means primary keys, their self-sigs and
> revocation sigs.

Or alternatively, we start with either hockeypuck or SKS (yes, I know) and carefully cripple them.

Thinking about this a bit more, and with the DNS comparison in mind, it may be best if caching keyservers and validating keyservers were two entirely different things, to make sure we don’t accidentally open ourselves to a cache poisoning attack.

A

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users