Wiktor Kwapisiewicz dijo [Wed, Jun 23, 2021 at 08:29:04AM +0200]: > > (For full disclosure: I recently joined a PhD program, and my study > > subject is how to keep the decentralized properties of the WoT network > > while at the same time being able to counter the attacks we have seen > > on it). > > You may be interested in this Merge Request: > https://gitlab.com/hagrid-keyserver/hagrid/-/merge_requests/176
Thanks a lot Wiktor! Yes, this is certainly interesting to me -- I fear it falls very (too?) close to the proposal I wanted to make, so I'll have to go back to the thinking room, but after all I'm only at the very early stages of my program ☺ > In short this is about adding Attested Certifications support to > Hagrid. Attested Certifications are third-party signatures that are > "approved" by the key owner. This makes it easy to distinguish real > third-party signatures that the key owner cares for from flooded > signatures. > > Sadly they are not yet supported in GnuPG but adding them to Hagrid may > be a good way to solve the "chicken and egg" problem with this feature. > > For technical bits see rfc4880bis section 5.2.1: "0x16 Attested Key > Signature" > > https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-rfc4880bis-10#section-5.2.1 Thank you very much for the pointers.