On Sun, 27 May 2018 19:00:04 +0200,
Leo Gaspard wrote:
Indeed it's already possible, the issue with this solution being that
people willing to rely on signatures by the master key now need to
download two keys (the master key and the trusted introducer), and
another one after any compromise, while certification subkeys are
downloaded and updated at the same time as the master key, thus making
for more easy-to-use WoT.
That's true. But, I'd argue that this is more of a tooling problem:
when the tool is computing the WoT and it encounters a trusted
introducer has tsigned a key, which is not available, it should
proactively download the key.
:) Neal
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp