[Sks-devel] Keyservers and GDPR

Werner Koch wk at gnupg.org
Wed May 29 09:07:26 CEST 2019


On Mon, 27 May 2019 13:30, kristian.fiskerstrand at sumptuouscapital.com
said:

> requiring load-balanced setup with minimum of 3 nodes on modern hardware
> (e.g a node today requires a minimum of 8 GiB of RAM to be responsive
> during merge of certain keys). The propagation time between the servers

Which would support my point to redesign the keyservers to

 - Inhibit searches by user id.
 
 - Drop all key signatures except for self-signatures and designated
   revocations.

The first change will make GnuPG --search-keys useless and that command
could thus be changed to do a --locate-key with disabled local keyring.

The second requires that key-signatures must be sent to the key owner
directly, which is anyway what most people do.  And obviously the key
owner needs to distribute them by other means than the keyservers to
make the few WoT users happy.

Right, this requires that self-signatures are verified on upload.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
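
An added example, not part of the original message and not code from SKS or GnuPG: the upload filter that the two proposed rules imply, applied to a constructed list of parsed signature packets. The `Sig` model, the `verified` flag (standing in for the OpenPGP library's cryptographic check) and the fingerprints are assumptions; the signature type values are from RFC 4880, section 5.2.1.

```python
from dataclasses import dataclass

# Signature type values from RFC 4880, section 5.2.1.
CERTIFICATION = {0x10, 0x11, 0x12, 0x13}   # user ID certifications
BINDING = {0x18, 0x1F}                     # subkey binding, direct-key
REVOCATION = {0x20, 0x28, 0x30}            # key, subkey, certification revocation

@dataclass(frozen=True)
class Sig:                     # hypothetical model of one parsed signature packet
    label: str
    sig_type: int
    issuer: str                # issuer fingerprint
    verified: bool             # assumed result of the OpenPGP library's check
    revokers: tuple = ()       # fingerprints from a revocation-key subpacket

def filter_upload(primary, sigs):
    """Keep verified self-signatures and designated revocations only."""
    selfsigs = [s for s in sigs
                if s.issuer == primary and s.verified
                and s.sig_type in CERTIFICATION | BINDING | REVOCATION]
    # A revoker is designated only if a *verified* self-signature names it;
    # otherwise anyone could upload a designation plus a revocation.
    designated = {fpr for s in selfsigs for fpr in s.revokers}
    third_party = [s for s in sigs
                   if s.issuer != primary and s.verified
                   and s.sig_type in REVOCATION and s.issuer in designated]
    return selfsigs + third_party

# Constructed sample upload for a key with fingerprint "AAAA".
SAMPLE = [
    Sig("uid self-sig", 0x13, "AAAA", True),
    Sig("direct-key, names CCCC", 0x1F, "AAAA", True, ("CCCC",)),
    Sig("forged direct-key, names DDDD", 0x1F, "AAAA", False, ("DDDD",)),
    Sig("WoT certification by BBBB", 0x10, "BBBB", True),
    Sig("revocation by CCCC", 0x20, "CCCC", True),
    Sig("revocation by DDDD", 0x20, "DDDD", True),
]

def kept_labels():
    return [s.label for s in filter_upload("AAAA", SAMPLE)]

if __name__ == "__main__":
    print(kept_labels())
```

The third-party certification and the revocation from a key that no verified self-signature designates are both dropped, which is why the self-signature check has to happen on upload.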