On Mon, 27 Jul 2015 14:15, n...@walfield.org said:

> The approach also has another problem: which key servers are going to
> do this? There are 100s of key servers. I'm not going to reply to
> mails from each one, sorry.

As Nico described, PGP used a very similar system to validate keys and expire them based on the date of the last validation. However, that system worked because they control the central server and the server did not sync with the other keyservers automatically. The validation signatures you find on some of the keys are due to faulty manual syncing (download from pgp.com, upload to pgp.net). A solid approach for a central crypto server.

> I'd also consider having the key servers publish the validations. If
> you chain the validations (include the hash of the previous validation

You can't do that due to the decentralized approach with no requirement for the user to always upload to the same keyserver. Thus a server may miss validation signatures not yet received from other servers.

Salam-Shalom,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
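The chaining objection in the mail above, as an added example that is not part of the original message or of any keyserver's code: each validation commits to the hash of the previous one, and a server that has not yet received one link cannot verify the chain. The record layout, key ID and dates are constructed for illustration.

```python
import hashlib
import json


def digest(record):
    """SHA-256 over a canonical JSON encoding of one validation record."""
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()


def build_chain(key_id, dates):
    """Build validations where each one includes the hash of its predecessor."""
    chain, prev = [], None
    for date in dates:
        record = {"key": key_id, "date": date,
                  "prev": digest(prev) if prev is not None else None}
        chain.append(record)
        prev = record
    return chain


def verify_chain(records):
    """Return (ok, index_of_first_break) for records ordered by date."""
    prev = None
    for i, record in enumerate(records):
        expected = digest(prev) if prev is not None else None
        if record["prev"] != expected:
            return False, i
        prev = record
    return True, None


# Constructed data: three validations of one (hypothetical) key.
CHAIN = build_chain("0xEXAMPLEKEY", ["2015-01-01", "2015-04-01", "2015-07-01"])

# Server A happened to receive every validation.
SERVER_A = list(CHAIN)
# Server B never got the April validation: the user uploaded it to a
# different keyserver and it has not been synced yet.
SERVER_B = [CHAIN[0], CHAIN[2]]

if __name__ == "__main__":
    print("server A:", verify_chain(SERVER_A))
    print("server B:", verify_chain(SERVER_B))
```

Server B cannot tell a link it has not yet received from a forged or removed one, so a chain check only gives a stable answer when one server sees every validation.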