Andrew Gallagher wrote:

> > On 19 Sep 2020, at 20:05, Stefan Claas <s...@300baud.de> wrote:
> >
> > Well, there is IMHO a good replacement for SKS available, called
> > hockeypuck and it is written in modern Golang.
>
> This is beside the point. SKS is both a protocol and an implementation.
> Hockeypuck is a reimplementation of the same protocol
> and so is vulnerable to the same poisoning issues.
>
> The problem with the SKS *protocol* is very hard to fix, because designing a
> universal, publicly writable datastore means
> solving a trilemma: censorship resistance, vandalism resistance, and
> decentralisation. SKS prioritises censorship resistance
> and decentralisation, and so is vulnerable to vandalism. Hagrid “solves” the
> vandalism problem by abandoning
> decentralisation. WKD steps outside the problem space by abandoning
> universality. All these are valid alternatives, but none
> can be called a “replacement”.

*With all due respect*, the problems you mention with the SKS protocol are
IMHO absolutely solvable with hockeypuck if the author implements the same
Mailvelope or Hagrid confirmation process for its users, or if it would honor
the SKS --no-modify flag, which Werner implemented a long time ago in GnuPG.

And if (former) SKS key server operators would be honest, this could be solved
with hockeypuck, and if not, people who are using GnuPG or OpenPGP apps may
wonder how it comes that a client/server model for *security/privacy*
software is, from the SKS server side, globally still operated if it cannot
*protect* its users' pub keys adequately?

I am very sorry to say that, but all arguments from former or current SKS
operators do not convince me, nor do they show the OpenPGP users community
willingness or advancements in this area, to be taken seriously.

Best regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users