It may not have been clear the way to work with the no-modify flag, but
I feel you are changing its meaning now. By making it mean "do not
redistribute third-party certifications", the result is having old
clients that yet the no.modify flag yet are unable to make the needed
attestations.
I think this should be a new keyserver preferences flag. Eg. it could be
called attested-certifications-only or drop-unattested-certifications.
Kind regards
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp