ietf-openpgp

Re: [openpgp] public logging of e-mail certificates [was: Re: OpenPGP private certification]

2015-04-02 10:42:47

But I am not arguing for first come, first served. I am arguing that the
age of an endorsement is significant. An attacker can easily set up an
endorsement cartel with 100 people signing each other's keys. But they
can't backdate the endorsements to ten years before they decided they
needed them.

I don't expect to understand most of the hashes in a log of hashed
signatures.  I wonder how many cloned subsets would be buried in case
they're later needed, and what can be done about that.  The best I can
think of is a transparency log---to not hash those. Big public signers
should offer such logs.  Private citizens signing each other's keys
probably won't, but it's still valuable to have a standard format for
non-public endorsements.

Presumably keys should be able to carry a note indicating that
key signatures should only be trusted if in a log.

-Brian

-- 
Brian Sniffen
"I reserve the right to evolve my views, and state that views I previously
 expressed may have been somewhere along the spectrum from insufficiently
 nuanced through ill-informed to dead wrong."

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
