ietf-openpgp

Re: rfc2440bis-02 comments

2000-12-26 21:31:03

Hi, Marc.

- I don't want my key on the keyservers at all.
   
  Your proposal solves this problem, but in my experience, this almost
  never happens. 

2 years ago, I got a complaint e-mail about a public key being added by a
third party.  Then I thought of a multi-phase commit for the keyserver.  But my
idea looks like crypto overkill for our public keyserver.

 Step 1: User submits their public key to the keyserver.

 Step 2: Keyserver saves this public key in a queue database.

 Step 3: Keyserver returns a "ticket (challenge random number)"
         which is encrypted with the user's public key.

 Step 4: After the user decrypts the received "ticket", the user signs
         the "ticket" with their secret key and sends the "signed ticket"
         to the keyserver.

 Step 5: Keyserver checks the "signed ticket" with the user's queued public
         key.

         True -> move it to the public-open database.

         False -> delete it from the queue database.

  Note: When a keyserver uses this scheme, sync data must be signed
        or something, to guard against forged sync data.
        (Also, adding a MAC looks good.)

This solution is not simple, and a powerful CPU is required for the
keyserver. But I'm not sure that it is too much cost for a keyserver.

Please note that this is only an idea and I don't recommend it.

                                        --hironobu
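
The five steps above, as an added example that is not part of the original message: a submission is published only when the submitter proves possession of the matching secret key. Textbook RSA over known Mersenne primes is a toy stand-in for OpenPGP encryption and signing, and all names (Keyserver, submit, confirm, answer) are hypothetical.

```python
import hashlib
import secrets

E = 65537

def make_key(p, q):
    """Toy textbook-RSA key from two known primes (no padding; illustration only)."""
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

def public(key):
    return {"n": key["n"], "e": key["e"]}

def digest(ticket, n):
    h = hashlib.sha256(ticket.to_bytes(32, "big")).digest()
    return int.from_bytes(h, "big") % n

class Keyserver:
    def __init__(self):
        self.queue, self.public_db = {}, {}

    def submit(self, uid, pub):
        # Steps 1-3: queue the key, return a random ticket encrypted to it.
        ticket = secrets.randbits(128)
        self.queue[uid] = (pub, ticket)
        return pow(ticket, pub["e"], pub["n"])

    def confirm(self, uid, ticket, sig):
        # Step 5: the entry leaves the queue whether or not the check passes.
        pub, issued = self.queue.pop(uid)
        # Assumption: the server also compares the returned ticket with the one issued.
        ok = ticket == issued and pow(sig, pub["e"], pub["n"]) == digest(ticket, pub["n"])
        if ok:
            self.public_db[uid] = pub
        return ok

def answer(key, enc_ticket):
    # Step 4: decrypt the ticket, then sign it with the same secret key.
    ticket = pow(enc_ticket, key["d"], key["n"])
    return ticket, pow(digest(ticket, key["n"]), key["d"], key["n"])

def demo():
    owner = make_key(2**127 - 1, 2**89 - 1)   # constructed sample keys
    other = make_key(2**107 - 1, 2**61 - 1)
    ks = Keyserver()
    good = ks.confirm("owner", *answer(owner, ks.submit("owner", public(owner))))
    # A third party submits the owner's public key but holds only its own secret key.
    bad = ks.confirm("victim", *answer(other, ks.submit("victim", public(owner))))
    return good, bad, sorted(ks.public_db), ks.queue
```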
