diff --git a/guix/channels.scm b/guix/channels.scm
index 3cc3b4c438..05226e766b 100644
--- a/guix/channels.scm
+++ b/guix/channels.scm
@@ -47,6 +47,7 @@ (define-module (guix channels)
   #:use-module (srfi srfi-26)
   #:use-module (srfi srfi-34)
   #:use-module (srfi srfi-35)
+  #:autoload   (guix describe) (current-channels) ;XXX: circular dep
   #:autoload   (guix self) (whole-package make-config.scm)
   #:autoload   (guix inferior) (gexp->derivation-in-inferior) ;FIXME: circular dep
   #:autoload   (guix quirks) (%quirks %patches applicable-patch? apply-patch)
@@ -344,6 +345,18 @@ (define (make-reporter start-commit end-commit commits)
 
     (progress-reporter/bar (length commits)))
 
+  (define authentic-commits
+    ;; Consider the currently-used commit of CHANNEL as authentic so
+    ;; authentication can skip it and all its closure.
+    (match (find (lambda (candidate)
+                   (eq? (channel-name candidate) (channel-name channel)))
+                 (current-channels))
+      (#f '())
+      (channel
+       (if (channel-commit channel)
+           (list (channel-commit channel))
+           '()))))
+
   ;; XXX: Too bad we need to re-open CHECKOUT.
   (with-repository checkout repository
     (authenticate-repository repository
@@ -354,6 +367,7 @@ (define (make-reporter start-commit end-commit commits)
                              #:keyring-reference
                              (string-append keyring-reference-prefix
                                             keyring-reference)
+                             #:authentic-commits authentic-commits
                              #:make-reporter make-reporter
                              #:cache-key cache-key)))
 
diff --git a/guix/git-authenticate.scm b/guix/git-authenticate.scm
index 4ab5419bd6..ab3fcd8b2f 100644
--- a/guix/git-authenticate.scm
+++ b/guix/git-authenticate.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2019, 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -376,12 +376,14 @@ (define* (authenticate-repository repository start signer
                                   (cache-key (repository-cache-key repository))
                                   (end (reference-target
                                         (repository-head repository)))
+                                  (authentic-commits '())
                                   (historical-authorizations '())
                                   (make-reporter
                                    (const progress-reporter/silent)))
   "Authenticate REPOSITORY up to commit END, an OID.  Authentication starts
 with commit START, an OID, which must be signed by SIGNER; an exception is
-raised if that is not the case.  Return an alist mapping OpenPGP public keys
+raised if that is not the case.  Commits listed in AUTHENTIC-COMMITS and their
+closure are considered authentic.  Return an alist mapping OpenPGP public keys
 to the number of commits signed by that key that have been traversed.
 
 The OpenPGP keyring is loaded from KEYRING-REFERENCE in REPOSITORY, where
@@ -404,7 +406,8 @@ (define authenticated-commits
     (filter-map (lambda (id)
                   (false-if-git-not-found
                    (commit-lookup repository (string->oid id))))
-                (previously-authenticated-commits cache-key)))
+                (append (previously-authenticated-commits cache-key)
+                        authentic-commits)))
 
   (define commits
     ;; Commits to authenticate, excluding the closure of