Good article, but title little bit misleading? Broken in sense of "web of trust", but not in cryptographic sense? Or is this a first in series of articles that will show how OpenPGP is broken?
@nikolal Seems like it's more about web of trust. But, core functionality has an issue with a key that's 17mb from being signed by unknown keys on the key servers
Yes, thats how I understood it. Keyservers are outdated way of sharing keys, good solution is Keybase which devs can use to show their PGP keys alongside their proven social accounts, feels way safer that keys belong to people who are they representing to be. Users don't need Keybase account, they can just pull keys in traditional ways.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!