
Abuse-Resistant OpenPGP Keystores

Document Type: Expired Internet-Draft (individual), expired & archived
Author: Daniel Kahn Gillmor
Last updated: 2024-02-19 (Latest revision 2023-08-18)
RFC stream: (None)
Intended RFC status: (None)
Additional resources: GitLab Repository, Other Repository, Issuer Tracker, Mailing List

Stream
  Stream state: (No stream defined)
  Consensus boilerplate: Unknown
  RFC Editor Note: (None)

IESG
  IESG state: Expired
  Telechat date: (None)
  Responsible AD: (None)
  Send notices to: (None)

This Internet-Draft is no longer active.


OpenPGP transferable public keys are composite certificates, made up of primary keys, revocation signatures, direct key signatures, user IDs, identity certifications ("signature packets"), subkeys, and so on. They are often assembled by merging multiple certificates that all share the same primary key, and are distributed in public keystores. Unfortunately, since many keystores permit any third party to add a certification with any content to any OpenPGP certificate, the assembled/merged form of a certificate can become unwieldy or undistributable. Furthermore, keystores that are searched by user ID or fingerprint can be made unusable for specific searches by public submission of bogus certificates. Finally, keystores open to public submission can also face simple resource exhaustion from flooding with bogus submissions, or legal or other risks from uploads of toxic data. This draft documents techniques that an archive of OpenPGP certificates can use to mitigate the impact of these various attacks, and the implications of these concerns and mitigations for the rest of the OpenPGP ecosystem.


Daniel Kahn Gillmor

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)