sks-devel

Re: [Sks-devel] [openpgp-email] Keyservers and GDPR


From: Yegor Timoshenko
Subject: Re: [Sks-devel] [openpgp-email] Keyservers and GDPR
Date: Wed, 07 Nov 2018 10:16:51 -0000

> Purpose 4, distribution of key signatures, worked as long as
> people didn't use the key listings of the server or tools for
> more or less funny messages. Uploading key signature should be
> possible only by the holder of the key. However, to enforce
> this the keyservers need to employ real crypto and won't be a
> lean service anymore. I think the distribution of keyservers,
> for those who still want to use the WoT, can be replaced by
> sending the signed keys only back to the owner. In fact tools like
> caff suggest this use case.

Storing and distributing signatures with issuing keys (instead of
keys that are being signed) should limit abuse potential while
still allowing for WoT.

> Purpose 5 is not relevant for OpenPGP key distribution and
> actually the reason why the keyserver network has more or less
> broken down.

World-writable storage is problematic even if there is no search.
Proof of work and some operator-controllable data removal
mechanism (like opt-in key blacklists) can help limit this attack
vector.

Storing immutable data, distributed recon, proof of work, that
sounds like something a blockchain should do to me.
