On 16/08/2019 17:23, Stefan Claas wrote: > They should not vouch for others only sign a monthly statement, which > Kristian can add to a column in his pool site. And like I said it > would *not* hurt! If however more key server operators are against > this suggestion then IMHO at least people know that operators may > like to share dumps with 3rd parties, for whatever reasons they may > have.
What would that statement say? "I don't explicitly provide dumps to third parties, but I sync my keyserver with random strangers on the internet, and that's *totally* not *exactly* the same thing." ? :-P The only way to prevent the SKS dataset getting into arbitrary people's hands is for all the existing keyservers to refuse to sync with anyone who's not vouched-for and trustworthy - which will turn the keyservers into a closed network. That may or may not be *wrong*, but it would be a fundamental change to the entire premise of the system. And as Hendrik pointed out above, you can't bootstrap a new SKS keyserver without a dump. -- Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
