I consider the SKS Keyserver attack to just be further evidence supporting my opinion that immutable, append-only data-structures are absolutely inappropriate for social applications (which a keyserver is).
If your data store doesn't support deletes, it should be considered unsafe and not fit for purpose until proven otherwise.
I'm looking at you, Secure Scuttlebutt. Also, block-chains.
Imagine a similar spamming issue on a major Blockchain.
Wouldn't be that hard to imagine and the impact would be pretty severe.
@HerraBRE That's definitely an issue I've had with ssb. It's great for things like scientific research and world event documentation, but is a bit scary for opinions and commentary.
@HerraBRE Yep, that's what keys.openpgp.org is all about.
@djoerd They do but it's a fairly recent innovation and not fully adopted. See Autocrypt (which embeds keys in email messages) and https://tools.ietf.org/html/draft-koch-openpgp-webkey-service-07 for a standard for fetching keys from web sites.