Building a Transparent Keyserver

New “honesty log” keyserver sparks GIF wars, GDPR ghosts, and trust drama

TLDR: A new keyserver for the age encryption tool uses a public “honesty log” to stop sneaky key swaps and hold operators accountable. Commenters cheer the concept but argue over trust, old SKS vs. new transparency, GDPR alarms, clunky commands, and even how to pronounce “age.”

Filippo Valsorda just shipped a transparent keyserver for age (a simple file encryption tool), using a public, append‑only “honesty log” so a shady operator can’t swap your friend’s key with a fake. He even had an AI helper build the boring bits, and the result is live at keyserver.geomys.org. But the comments immediately spun into pronunciation beef: one reader points out the author says “age” with a hard G, like GIF, and the thread descends into memes and side‑eye. Another roast lands on the current command‑line example, calling it “extremely ugly.” Translation: great idea… can we make it cute?

Then came the trust wars. Old‑school crypto fans insist the bygone SKS keyserver network already did the append‑only thing and ask why we need new bells and whistles—one even dropped a GDPR bomb, calling SKS’s design “effectively illegal.” A security purist pushes harder: without hardware attestation or code transparency, an operator could “mimic the appearance of the log.” Supporters counter that transparency logs make bad behavior public and auditable, shifting trust from blind faith to community oversight. Between GIF jokes and GDPR ghosts, the vibe is clear: people love accountability, hate ugly UX, and will fight to the last vowel over how to say “age.” See more at the Transparency.dev blog.

Key Points

  • The article builds a centralized keyserver to look up age public keys, available at keyserver.geomys.org.
  • Transparency log technology, modeled on the Go Checksum Database, is integrated to prevent undetectable malicious key insertion.
  • Users authenticate via email to set public keys; lookups are by email address, with rate limiting and CAPTCHA for spam control.
  • Implementation details include a Go server, SQLite database, lookup and set APIs with email authentication, and a Go CLI.
  • Transparency logs provide append-only, globally consistent entries with inclusion proofs, enabling accountability via monitoring.
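What the inclusion-proof point means for a client, as an added Go example that is not the keyserver's own code: the client recomputes the log's root hash from a single entry plus its audit path, using the RFC 6962/9162 Merkle algorithm. The entry strings, the three-entry log and the function names are constructed for illustration, and the hashing scheme is assumed to match the log's.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

type hash = [32]byte

// RFC 6962-style hashing: distinct prefixes keep leaves and interior nodes apart.
func leafHash(entry string) hash { return sha256.Sum256(append([]byte{0}, entry...)) }
func nodeHash(l, r hash) hash {
	return sha256.Sum256(append(append([]byte{1}, l[:]...), r[:]...))
}

// verifyInclusion rebuilds the root from entry i of an n-entry log and its
// audit path (ordered leaf to root), then compares it with the trusted root.
func verifyInclusion(entry string, i, n int, path []hash, root hash) bool {
	if i < 0 || i >= n {
		return false
	}
	fn, sn, r := i, n-1, leafHash(entry)
	for _, p := range path {
		if sn == 0 {
			return false // path is longer than the tree is deep
		}
		if fn&1 == 1 || fn == sn {
			r = nodeHash(p, r) // sibling sits on the left
			for fn&1 == 0 && fn != 0 {
				fn, sn = fn>>1, sn>>1 // skip levels where this node has no sibling
			}
		} else {
			r = nodeHash(r, p) // sibling sits on the right
		}
		fn, sn = fn>>1, sn>>1
	}
	return sn == 0 && r == root
}

// demo checks a logged key and a swapped key against a constructed log.
func demo() (genuine, swapped bool) {
	e := []string{"a@example.com age1AAA", "b@example.com age1BBB", "c@example.com age1CCC"}
	root := nodeHash(nodeHash(leafHash(e[0]), leafHash(e[1])), leafHash(e[2]))
	path := []hash{leafHash(e[0]), leafHash(e[2])} // audit path for entry 1
	return verifyInclusion(e[1], 1, 3, path, root),
		verifyInclusion("b@example.com age1EVIL", 1, 3, path, root)
}

func main() { fmt.Println(demo()) }
```

A key that the operator serves but never logged fails this check, because no audit path can reproduce the root that monitors see.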

Hottest takes

“like GIF” — notyourancilla
“effectively illegal due to the GDPR” — upofadown
“operator can just mimic the appearance of the log” — sublimefire