> Understood, but what speaks against a (syncing) public key server
> system like the old pgp.com key server was, compared to the regular
> key servers, which don't allow deletion of a key by the owner and, if
> I remember correctly, also only allow upload by the owner?
The pgp.com keyserver had some serious problems. When I was at PGP Security there were at least three engineers on the floor -- myself, Len Sassaman, and Randy Harmon (the keyserver admin!) -- who thought the keyserver was a pretty marginal idea, specifically because we could be compelled by governments to do unpleasant things. None of us used that keyserver in our own personal lives.

The pgp.com keyserver is also a *standalone* server. It does not sync with the keyserver network. (Search for 0xB44427C7, for instance. My cert has been in the SKS network for years, but as of this writing isn't in the pgp.com keyserver.) That's important for several reasons. It means it's very easy for governments to blackhole, for instance. And it also means it's possible to drop certificates.

One of the other reasons SKS doesn't allow dropping information is because it lets two disagreeing keyservers figure out very easily what the canonical and correct data is: it is the union of the disparate data. As soon as you change this to allow for discarding data, suddenly each certificate needs to bear with it some way to prove to other keyservers that it's the most recent record and thus correct. Now you get into needing trusted timestamps, certifications of changes, adding crypto code into SKS, and ... things get out of hand quickly.

If you like the PGP Global Directory, go for it. Use it! It still exists. But please, understand why SKS works the way it does before telling people to change it.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users