I don't understand why this needs a new "key endorsement" infrastructure - isn't that exactly what certifications ("signing other people's keys") is meant for? Why not use one of the existing OpenPGP signature types to differentiate "old style" signatures from new "key endorsements"?



As the post says: « Each person has and keeps having their own policy for signing keys. ».

Many people will only sign keys if they have confidence that the name on the key is its controller's "real name" in some sense.

Maybe there'd be a way to model this new kind of endorsement in the distributed database made up of keys and signatures (using signature types or whatever), but it doesn't surprise me if the Debian account maintainers think that a centralised database of assertions that exist for Debian's purposes is going to give them an easier life.


This does not answer my question: You can still use the OpenPGP signature scheme to implement this, and pick or invent a signature type to avoid the mix-up with existing signatures. You can still enforce "a centralized database", which in fact they already do with the Debian keyring. Such "endorsements" are exactly what OpenPGP signatures, and key upload protocols, are made for.



