Re: [Sks-devel] Possible solution to "delete" keys
From: dirk astrath
Subject: Re: [Sks-devel] Possible solution to "delete" keys
Date: Tue, 29 Oct 2013 22:31:07 +0000
User-agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Kristian,

> Some off-the-top-of-my-head issues with this approach; (i) Who
> would determine who should have such delete capabilities? Is there
> any reason for key server operators to have any more "power" than
> anyone else? (ii) If someone is determined as such a "key deleter";
> are there legal culpability possibilities for keys not having been
> deleted? (iii) SKS doesn't implement crypto, doing so on a keyserver
> will massively increase the resource requirements (iv) the data is
> still in the keystore and will have to be synchronized, anyone
> malicious will be able to get the keydump directly and extract the
> data.

(i) and (ii) ... that's what i named at the end of my message ;-)

(iii) that's a black box for me ;-)

(iv) correct ... but not every keyserver-operator provides a keydump.
if i've to delete a special key from the database, i would hide it and
prevent everybody from downloading the keydump ... there are enough
non-european nodes who may provide a keydump ... ;-)

>> (4) Key is deleted: Show key-id only and red marker "revoked"

> (i) This can be used as an attack vector to upload a forged key
> and delete the old one. (ii) Simply displaying revoked doesn't
> mean anything for OpenPGP implementations

(i) nope ... since the key isn't deleted: it's only marked as deleted.
therefore it cannot be replaced by the same key, but unrevoked or
undeleted ...

>> We have to decide the details of the procedure to mark a key as
>> deleted in the database like "two or three sks-operators have to
>> be sure", "email-verification", "can be deleted only, if an
>> encrypted mail has been sent" etc. ...

> A key isn't less valid even if a domain name expires and a new user
> takes control of that domain.

correct ... that's why i mentioned, that the details of the procedure
had to be decided ... ;-)

best regards ...

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEUEARECAAYFAlJwNyoACgkQVuf/iihAxwgrvQCgxPjffSkfDc6u7Z6zzzi+Ax0U
W0UAmN18xL03mLxRuzYW1qp0OHvm8gY=
=EhsQ
-----END PGP SIGNATURE-----