1. The monitoring client does not ensure that the checkpoint was created recently, so a malicious log can conceal malicious entries from monitors by serving an old checkpoint.
2. Though the age keyserver policy is not configured this way, the post suggests you could create a policy that requires only a minority of witnesses (e.g. 3 of 10) to cosign a checkpoint. If you do this, then monitors have to get checkpoints that are cosigned by at least 8 of the 10 witnesses. Otherwise, a malicious log could present one view to relying parties that is cosigned by one set of witnesses, and a different view to monitors that is cosigned by a different set of witnesses. There is currently no mechanism specified for monitors to get these extra cosignatures, so if you go with a minority policy you'll need to invent your own stuff in order for witnessing to actually accomplish anything.
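An added example, not part of the comment above and not torchwood code: a monitor-side acceptance check covering both points. It uses the smallest monitor quorum that must overlap any relying-party quorum (8 when the policy is 3 of 10) and rejects views without enough recent cosignatures. The `Cosignature` type, the function names, and the use of the cosignature timestamp as the freshness signal are assumptions; signature verification is assumed to have happened already.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Cosignature is a constructed stand-in for a witness cosignature whose
// signature has already been verified; it is not a torchwood type.
type Cosignature struct {
	Witness string
	Time    time.Time // time the witness attached to its cosignature
}
var ErrQuorum = errors.New("monitor quorum of fresh cosignatures not met")

// MonitorQuorum returns the smallest m with m + k > n, so that any m
// witnesses share at least one member with any k witnesses out of n.
func MonitorQuorum(n, k int) int { return n - k + 1 }

// CheckView accepts a view only if enough distinct known witnesses cosigned
// it within maxAge of now; k is the relying-party threshold.
func CheckView(cosigs []Cosignature, known map[string]bool, k int, now time.Time, maxAge time.Duration) error {
	need := MonitorQuorum(len(known), k)
	fresh := map[string]bool{} // one vote per witness, duplicates ignored
	for _, c := range cosigs {
		age := now.Sub(c.Time) // negative age means a future-dated cosignature
		if known[c.Witness] && age >= 0 && age <= maxAge {
			fresh[c.Witness] = true
		}
	}
	if len(fresh) < need {
		return fmt.Errorf("%w: have %d, need %d", ErrQuorum, len(fresh), need)
	}
	return nil
}

func main() {
	now := time.Now()
	known := map[string]bool{}
	var all []Cosignature // constructed sample: witnesses w0..w9
	for i := 0; i < 10; i++ {
		w := fmt.Sprintf("w%d", i)
		known[w] = true
		all = append(all, Cosignature{Witness: w, Time: now.Add(-time.Minute)})
	}
	fmt.Println("7 of 10:", CheckView(all[3:], known, 3, now, time.Hour))
	fmt.Println("8 of 10:", CheckView(all[2:], known, 3, now, time.Hour))
}
```

With 7 of 10 cosigners the remaining 3 witnesses could have cosigned a different view for relying parties, which is why the check fails below 8.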
I'll add a note to the part of the article that mentions non-majority policies.
age -r $(go run filippo.io/torchwood/cmd/age-keylookup@main joe@example.com)
Switched to
go install filippo.io/torchwood/cmd/age-keylookup@main
age -r $(age-keylookup alice@example.com)
age is designed to be composable and very stable, and this shell combination works well enough, so it's unlikely we'll build it straight into age(1).
Of all the words we could've used to explain how to pronounce something
Glad I preserved a tweet that commented on a subheadline at The Verge from when the creator of the GIF died:
Subheadline from The Verge: "It's pronounced 'jif'"
Tweet: "I guess he's with jod now"
There was a theory floating around back in 2018 that the append-only nature of the SKS network makes it effectively illegal due to the GDPR "right to erasure" but nothing came of that and the SKS network is still alive: