On 07/27/2015 07:46 PM, Werner Koch wrote:
> On Mon, 27 Jul 2015 14:15, n...@walfield.org said:
>
> You can't do that due to the decentralized approach with no
> requirement for the user to always upload to the same keyserver.
> Thus a server may miss validation signatures not yet received from
> other servers.

The way I read it, this proposal isn't about keyservers per se, but about the individual validation servers publishing a chained list (like a blockchain) of their validations. There is merit to that proposal for auditing purposes, although I'm not entirely sure how it'd work in practice unless the blockchain itself was decentralized (it can't function securely if completely local to the validation server).

IIRC this is what Google is doing with its approach as well[0].

References:
[0] http://www.certificate-transparency.org/

--
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"Knowing is not enough; we must apply. Willing is not enough; we must do."
(Johann Wolfgang von Goethe)
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
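The chained list of validations discussed in the message above, and why a chain held only by the validation server is not enough for auditing, as an added example that is not part of the thread and not code from GnuPG or any validation server. The record layout, the function names and the sample fingerprints are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed start value, not from any real system

def entry_hash(prev, record):
    """Hash one entry together with the hash of the entry before it."""
    body = json.dumps({"prev": prev, "record": record}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append(entries, fpr, email):
    """Append a validation record; return the new head hash."""
    prev = entries[-1][1] if entries else GENESIS
    record = {"fpr": fpr, "email": email}
    entries.append((record, entry_hash(prev, record)))
    return entries[-1][1]

def verify_chain(entries):
    """True if every link recomputes, i.e. the list is internally consistent."""
    prev = GENESIS
    for record, h in entries:
        if entry_hash(prev, record) != h:
            return False
        prev = h
    return True

def audit(entries, witnessed_heads):
    """True if the chain is consistent AND still contains, in order,
    every head hash an outside party recorded earlier."""
    hashes = [h for _, h in entries]
    pos = 0
    for head in witnessed_heads:
        if head not in hashes[pos:]:
            return False
        pos = hashes.index(head, pos) + 1
    return verify_chain(entries)

def demo():
    # Constructed sample data: placeholder fingerprints and addresses.
    log = []
    append(log, "FPR-ALICE", "alice@example.org")
    witnessed = [append(log, "FPR-BOB", "bob@example.org")]  # head seen by an outsider
    append(log, "FPR-CAROL", "carol@example.org")
    # The server rewrites history and rebuilds every hash after the change.
    forged = []
    append(forged, "FPR-ALICE", "alice@example.org")
    append(forged, "FPR-MALLORY", "bob@example.org")
    append(forged, "FPR-CAROL", "carol@example.org")
    return audit(log, witnessed), verify_chain(forged), audit(forged, witnessed)
```

`demo()` returns `(True, True, False)`: the rewritten chain passes its own consistency check and is caught only because a head hash was recorded outside the server.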