On Tue 2019-06-25 17:41:12 +0200, Dirk Gottschalk via Gnupg-users wrote: > Am Dienstag, den 25.06.2019, 16:30 +0200 schrieb Vincent Breitmoser: >> Have you considered the option to have keys cross-sign third party >> signatures for publication? It's a very slight switch in tooling if >> we assume a caff workflow, but that way each key remains in control >> of the public version of itself. > > I didn't consider it until you mentioned ist. A good idea, thanks.
One concrete proposal for a mechanism for how to do this at the protocol
level is "First-party-attested Third-party Certifications", documented
here:
https://tools.ietf.org/html/draft-dkg-openpgp-abuse-resistant-keystore-03#section-10
To make this feasible requires some work on the client side. The
protocol implementation is likely to be the easy part. The hard part is
the UI/UX work to make this something that a normal human can understand
and do without too much pain.
--dkg
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
