Motivation

Currently, operators have to manage the key database through either the (clunky) /pks/delete interface, or by making queries directly against postgres. There are some helper scripts under the contrib directory, but they are far from ideal.

In addition, blocklists are currently maintained in the config file, but this does not scale. Some operators have hundreds blocked keys purely due to RTBF requests, and it would be nice if we could also bulk-block keys from known spamming campaigns.

Examples of interactions

TBC

Design

We will implement an admin API at /pks/admin, using OpenPGP signatures for authentication, to replace the admin usage of /pks/delete and /pks/replace. We will also implement table blocklists and allow them to be manipulated via the admin API.

We will also implement client-facing tools to make the API pleasant. These may be command-line or web-based (to be decided).

Out of scope

TBC

Security considerations

TBC

Compatibility

TBC