Comment 0 for bug 1133339

Similar to the "unlisted key" feature, user signs a message to Hockeypuck with instructions to only allow updates to that key material from the owner. Owner would then need to add a signed token with each /pks/add request.

We could provide a shell script to make this easier. hkp-key or something to that effect. Or maybe allow a mix of aliases, fingerprints, and HKP servers that are allowed to make updates:

$ hkp-key update-policy owner
$ hkp-key update-policy owner,0xdeadbeef,hkp://pool.sks-keyservers.net

Need to work out the authentication protocol, as this will also be used in LP: #1074224 and any other HKP extension that gives the user more control over their own key distribution. The hkp-key script could PGP-sign the POST payload and add the detached sig to a custom HTTP header.