On 1/27/2012 8:52 PM, John Clizbe wrote: > Having keyservers support no-modify requires that they first support crypto. > That's a really big step.
(John undoubtedly knows this, but I suspect a lot of people didn't catch the implications -- so let me elaborate.) SKS is a surprisingly lightweight thing: it requires very little in the way of CPU usage, even when making large updates. (My keyserver is currently running with a load of 0.06.) As soon as keyservers have to do bignum arithmetic on certificates, you're going to see a lot higher CPU loads. This doesn't mean "we should never ever do it," but it does mean before doing such a thing there would have to be broad consensus from the keyserver community to do it. It isn't just that no one's written the code: it's there's no community consensus to deploy such code, even if it were written. It would be a pretty major flag day. After all, if one keyserver enforces it and others don't, then that's going to create a pretty obvious syncing problem. It is, as he said, "a really big step." _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users