On 17/01/18 15:32, Daniel Kahn Gillmor wrote:
> i don't think you need an extension to OpenPGP at all to do this -- you
> just need policy.  The policy could be (for example):

The main technical question is where should this policy be applied?

1. At upload stage - easy to implement, but requires all keyservers to
cooperate. It also means starting from an empty set, effectively
building a parallel keyserver network from scratch.

2. At replication stage - this would be effective, but to the best of
our knowledge would cripple the algorithm.

3. At search/display stage - almost as easy as 1, although more
computationally intensive as it would need to be calculated per download
(caching may help). Can be retrofitted to existing keyservers.

-- 
Andrew Gallagher

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to