New keyserver at keys.openpgp.org - what's your take?
Wiktor Kwapisiewicz
wiktor at metacode.biz
Fri Jun 14 11:59:16 CEST 2019
Hi Oscar,
On 14.06.2019 10:12, Oscar Carlsson via Gnupg-users wrote:
> I'm generally curious on your opinions on the latest new keyserver, this
> time running a new software than the normal keyservers.
It's definitely faster and more responsive. That was my personal pain
point when interacting with SKS. For example I'm working on a small
thing that fetches keys from keyservers. I push my modified key, fetch
it from SKS and... nope, no changes are visible (because of nginx
caching). Then a different, old set of data is visible. Then timeout.
Etc. keys.openpgp.org just works. I push data and it's available.
> They seem to have a different model which minimize the amount of
> information available, to be compliant with GDPR and friends. Do you
> think there are any downsides to this?
Storing endless amounts of data without any kind of verification was a
bad idea. Maybe SKS was designed in good old times when no-one would try
to take advantage of it but in 2019 validating e-mail address is bare
minimum a service such as this should do.
The current shortcoming is stripping third-party signatures. So Web of
Trust wouldn't work (for good reasons described in the FAQ [0]). For
some people this may be surprising.
[0]: https://keys.openpgp.org/about/faq#third-party-signatures
For the record I don't think keys.openpgp.org is in any way
revolutionary as it is now. It's a bare minimum keyserver that OpenPGP
needed for a long time. Fortunately the team behind it has more ideas
that could only improve the overall image and UX of OpenPGP in the wider
community.
Kind regards,
Wiktor
--
https://metacode.biz/@wiktor
More information about the Gnupg-users
mailing list