On 17/01/18 15:32, Daniel Kahn Gillmor wrote: > i don't think you need an extension to OpenPGP at all to do this -- you > just need policy. The policy could be (for example):
The main technical question is where should this policy be applied? 1. At upload stage - easy to implement, but requires all keyservers to cooperate. It also means starting from an empty set, effectively building a parallel keyserver network from scratch. 2. At replication stage - this would be effective, but to the best of our knowledge would cripple the algorithm. 3. At search/display stage - almost as easy as 1, although more computationally intensive as it would need to be calculated per download (caching may help). Can be retrofitted to existing keyservers. -- Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users