ietf-openpgp

Re: openpgplint: encouraging best practices for OpenPGP keys today

2009-06-11 23:05:54

Daniel Kahn Gillmor <dkg(_at_)fifthhorseman(_dot_)net> writes:

> [selfsig-primary]
>   The most recent self-sig over the User ID identified in [valid-uid]
> should be marked as the primary User ID.

This expectation doesn't make sense.  I have multiple IDs representing
my personal and work addresses.  My primary address is my personal one,
but I've had it longer than I've had my current, hence this ID is not
the newest.

> [wot-published]
>   The key and associated [valid-uid] and [subkey-encryption] (and their
> most recent binding signatures) should be visible from keyservers in the
> current Web of Trust (maybe this would be a network check against the
> SKS pool?).

Many people have no wish to have their key on public keyservers; there's
even a flag you can set (no-ks-modify) to request that others not upload
it.  Some people might only use PGP among a small, well-delineated group
and exchange keys by sneakernet.  Also, from when I ran a keyserver a
few years back, I'm fairly sure I remember seeing logs of it being
perused by spammers.

-- 
 Daniel Franke         df(_at_)dfranke(_dot_)us         http://www.dfranke.us
 |----| =|\     \\\\    
 || * | -|-\---------   Man is free at the instant he wants to be. 
 -----| =|  \   ///     --Voltaire