add FAQ page

dist/assets/site.css

@@ -26,10 +26,6 @@ h1 {
   padding-bottom: 1em;
 }
 
-p {
-  padding-bottom: 0.5em;
-}
-
 .ui p {
   line-height: 1.8em;
 }

dist/templates/about/about.html.hbs

@@ -1,6 +1,6 @@
 {{#> layout }}
 <div class="about">
-    <center><h2>About | <a href="/about/usage">Usage</a> | <a href="/about/privacy">Privacy Policy</a> | <a href="/about/api">API Docs</a></h2></center>
+    <center><h2>About | <a href="/about/usage">Usage</a> | <a href="/about/faq">FAQ</a> | <a href="/about/privacy">Privacy Policy</a> | <a href="/about/api">API</a></h2></center>
 
     <p>
         The <tt>keys.openpgp.org</tt> server is a public service for the
@@ -19,9 +19,10 @@
     </p>
 
     <ul>
-        <li><strong>Cryptographic metadata</strong> is all the technical
-            information about the key itself, such as its expiry date, whether
-            it is revoked or not, or how it can be used for encryption.
+        <li><strong>Technical data</strong> is all the technical information
+            about the key itself. This means the large numbers used for
+            cryptographic operations, but also metadata like its expiry date,
+            and whether it is revoked or not.
         </li>
         <li><strong>Identity information</strong> includes the parts of
             a key that identify its owner (known as "User IDs"), in
@@ -36,19 +37,19 @@
     </p>
 
     <p>
-        The cryptographic metadata of keys can be freely up- and downloaded on
+        The technical data of keys can be freely up- and downloaded on
         <span class="brand">keys.openpgp.org</span>.  It consists of technical
-        information only, which can't be used to identify its owner. It is
-        important for OpenPGP software to keep this information up to date, in
-        order to maintain secure and reliable communication.
+        information only, which can't be used to identify its owner.  However,
+        it is important for OpenPGP software to keep this information up to
+        date, in order to maintain secure and reliable communication.
     </p>
 
     <p>
         The identity information in an OpenPGP key is only distributed with
         consent. It contains personal data, and is not strictly necessary for
         a key to be used for encryption or signature verification. Once the
-        owner gives consent by verifying their e-mail address, the key can then
-        be found by others in a search by address.
+        owner gives consent by verifying their e-mail address, the key can
+        be found by everyone via search by address.
     </p>
 
     <h3>Community and platform</h3>

dist/templates/about/api.html.hbs

@@ -1,6 +1,6 @@
 {{#> layout }}
 <div class="about">
-  <center><h2><a href="/about">About</a> | <a href="/about/usage">Usage</a> | <a href="/about/privacy">Privacy Policy</a> | API Docs</h2></center>
+    <center><h2><a href="/about">About</a> | <a href="/about/usage">Usage</a> | <a href="/about/faq">FAQ</a> | <a href="/about/privacy">Privacy Policy</a> | API</h2></center>
 
   <p>
     Hagrid implements both the legacy HKP interface, as well as our

dist/templates/about/faq.html.hbs

@@ -0,0 +1,60 @@
+{{#> layout }}
+<div class="about">
+
+    <center><h2><a href="/about">About</a> | <a href="/about/usage">Usage</a> | FAQ | <a href="/about/privacy">Privacy Policy</a> | <a href="/about/api">API</a></h2></center>
+
+    <h3>Why not sign keys after verification?</h3>
+
+    The <span class="brand">keys.openpgp.org</span> service is meant for key
+    distribution and discovery, not as a de-facto CA.  Client implementations
+    that want to offer verified communication should rely on their own trust
+    model.
+
+    <h3>Why not encrypt verification e-mails?</h3>
+
+    Various reasons:
+    <ol>
+        <li>It is more complicated, both for our users and for us.</li>
+        <li>It doesn't prevent attacks - an attacker gains nothing from
+            uploading a key they don't have access to.</li>
+        <li>Deletion would still have to be possible even when a key is
+            lost.</li>
+        <li>It would require a different (and more complicated) mechanism to
+            upload keys that can only sign.</li>
+    </ol>
+
+    <h3>Is <span class="brand">keys.openpgp.org</span> part of the "SKS" pool?</h3>
+
+    <p>No. The "append-only" federation model of the SKS pool leads to various
+        problems, that make both operation and use of those servers very
+        difficult.  There is also no simple way to store information about
+        e-mail verification in a federated way.
+    </p>
+    <p>We do plan to explore options for a distributed service in the future, so
+        users can choose between different service operators again.
+    </p>
+
+    <!--
+    <ul>
+        <li><b>Do not distribute unverified or malicious data</b>
+            <p>Unlike traditional keyservers, <tt>keys.openpgp.org</tt> does not
+                distribute key material that isn't cryptographically verified.
+                This protects keys from unwanted spam, and helps protect the
+                service itself against "denial of service" attacks.
+            </p>
+            <p>We also do not distribute "third-party" signatures on keys. These
+                kinds of signatures were typically used to "sign" the keys of
+                others, in order to support a "Web of Trust" trust model. This
+                model meant that third parties could attach arbitrary spam to
+                any key, but didn't prove itself as a very effective trust model
+                in practice.
+            </p>
+            <p>We are open to alternative approaches that might be implemented
+                in the future, that avoid this issue.
+            </p>
+        </li>
+    </ul>
+    -->
+
+</div>
+{{/layout}}

dist/templates/about/privacy.html.hbs

@@ -1,7 +1,7 @@
 {{#> layout }}
 <div class="about">
 
-    <center><h2><a href="/about">About</a> | <a href="/about/usage">Usage</a> | Privacy Policy | <a href="/about/api">API Docs</a></h2></center>
+    <center><h2><a href="/about">About</a> | <a href="/about/usage">Usage</a> | <a href="/about/faq">FAQ</a> | Privacy Policy | <a href="/about/api">API</a></h2></center>
 
     <p style="text-align: left;">
         The public keyserver running on keys.openpgp.org processes, stores and

dist/templates/about/usage.html.hbs

@@ -1,6 +1,6 @@
 {{#> layout }}
 <div class="about usage">
-    <center><h2><a href="/about">About</a> | Usage | <a href="/about/privacy">Privacy Policy</a> | <a href="/about/api">API Docs</a></h2></center>
+    <center><h2><a href="/about">About</a> | Usage | <a href="/about/faq">FAQ</a> | <a href="/about/privacy">Privacy Policy</a> | <a href="/about/api">API</a></h2></center>
 
     <p>
         On this page, we collect information on how to use

src/web/mod.rs

@@ -274,6 +274,11 @@ fn about() -> Template {
     Template::render("about/about", templates::General::default())
 }
 
+#[get("/about/faq")]
+fn faq() -> Template {
+    Template::render("about/faq", templates::General::default())
+}
+
 #[get("/about/usage")]
 fn usage() -> Template {
     Template::render("about/usage", templates::General::default())
@@ -300,6 +305,7 @@ fn rocket_factory(rocket: rocket::Rocket) -> Result<rocket::Rocket> {
         about,
         privacy,
         apidoc,
+        faq,
         usage,
         files,
         // VKSv1