The good old SKS network achieves most or all of the advantages of key transparency in a simpler way by being append-only. An attacker could downgrade your PGP identity on one server but the rest would have the newest version you uploaded to the network.

There was a theory floating around back in 2018 that the append-only nature of the SKS network makes it effectively illegal due to the GDPR "right to erasure" but nothing came of that and the SKS network is still alive:

* https://spider.pgpkeys.eu/

▲

FiloSottile 3 days ago | parent [-]

The SKS network is append-only in aspiration. There is nothing like a Merkle tree stopping a server in the pool (or a MitM) from serving a fake key to a client. The whole point of tlogs is holding systems like that accountable. Also, the section on VRFs of the article addresses precisely the user removal issue.

	▲	upofadown 3 days ago \| parent [-]
		A single SKS server can not serve a fake key, only a valid key that existed in the past. This might be done to maliciously unrevoke a key. The normal PGP key integrity prevents straight up forgeries.