Re: [Sks-devel] Proposal: Start verifying self-signatures

[Johan van Selst]

Daniel Roesler wrote:
> > The easiest way is to add a single child porn image to a UID and upload
> > it to the keyserver, and watch as worldwide every keyserver operator
> > either takes down their server, keeps it up but cooperates strongly with
> > authorities, or gets arrested.
> Your tactic adds much, much more significant legal risk since you
> could be arrested for sexual offenses (very long prison sentence plus
> lifelong branding). Most troll organizations don't cross this line,
> and take more technical approaches to DoS'ing a system.

There are many other texts or images which would be considered illegal
in some country, but not in others. To target Asian keyservers, just add
an inflammatory comment about their local leader. For US keyservers,
insert an image or text that is covered by local copyright, but not
copyrighted in your country (e.g. a Mickey Mouse picture). Or if you
prefer, grab something covered by the DMCA. Really, getting foreign
keyservers offline by having them spread content that is illegal
locally, but without breaking laws in your own country is not very hard.

> > The *next*-easiest way is to start filing EU data privacy directives.
> > For the price of a postage stamp you can take EU keyservers offline.
> Many servers are not located in the EU, so this would not DoS the
> keyserver system.

It would still have a serious impact. And other countries have other
laws that can be targetted by using the keyservers to spread dubious
content and then filing a complaint against it.


Regards,
Johan

pgpb9oshQFnxX.pgp
Description: PGP signature