by upofadown
1161 days ago
The OpenPGP SKS keyservers are broken because they are append-only. So script kiddies can do stuff like signing a particular key zillions of times or swamping the servers with zillions of bogus OpenPGP identities. Afterwards there is no way to fix things.

The system discussed in the article (Parakeet) is also append-only. So it would be vulnerable to the same sort of attacks. The difference is that it can eventually expire old entries in a reasonable way to free up resources. So no help against signature attacks but possibly of help against the resource usage of bogus identities. The bogus identities would still exist though.

I think there might be merit to the overall idea of having a semi-trusted entity in charge of the system and then making it so that others can judge that what that entity is doing is reasonable. Still a problem if the entity goes rogue and you have to replace it. I suppose that is a problem in the WhatsApp case as well.