[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] terminating

From: Peter Pramberger
Subject: Re: [Sks-devel] terminating
Date: Tue, 07 Sep 2010 21:35:20 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; de-AT; rv: Gecko/20100701 SeaMonkey/2.0.6

Hash: SHA1

Johan van Selst schrieb am 07.09.2010 21:11:
> This is bad news indeed. I don't live in Austria, but I'm sure many
> countries, including mine, have similar legislation. And I don't believe
> there's a general technical answer to this. The PGP keyservers basically
> use an 'add once and remember forever' principle. Now, if I remember
> correctly, sks has a 'drop' feature to remove individual keys from a
> keyserver, but I not sure that this permanently deletes certain keys
> (it might be added again with later manual or automatic updates).

No, it gets back on the next recon run.

> It may be useful to have a permanent local blacklist for individual
> servers, that lists key-IDs or even email addresses that should not be
> tracked in the PGP key database. I suppose this would be sufficient to
> comply with the legislation regarding similar complaints, but I'm no
> legal expert either.

This is exactly what was intentionally NOT designed in - to prevent any form
of censorship and data manipulation. How do you ensure that the blocking
request comes from an authorized person? And what comes afterwards? Every
public key with a lost passphrase, private key would end on this blacklist.
After some time you'll need a second database for all suppressed keys...

And not to forget: to prevent segmentation of the keyserver network, you'd
have to synchronize the filter list across all keyservers.


Version: GnuPG v2.0.14 (MingW32)
Comment: Using GnuPG with Mozilla -


reply via email to

[Prev in Thread] Current Thread [Next in Thread]