Re: [Sks-devel] Re: Delete key from keyserver

From: Jeff Johnson
Subject: Re: [Sks-devel] Re: Delete key from keyserver
Date: Tue, 07 Sep 2010 18:31:00 -0400

On Jul 8, 2010, at 11:34 AM, Ari Trachtenberg wrote:

> The backend data structure supporting SKS does not yet support true deletion.
> We are researching this (but it will take some time :-)

Now would be a _PERFECT_ time for some research to be actively deployed. ;-)


Since there are only 50-100 (just a rough estimate) SKS servers, a key could
most definitely be dropped with a modest amount of coordination.

Consider what happens if the reconciliation protocol version is incremented and
2 machines deploy with the version++ protocol on a store that DROPS the
offending key and actively filters that key going forward.

So there would be 2 SKS nets, and a need to coordinate a switchover from
one store to the other.

Please note that I am NOT suggesting that the SKS protocol be incremented
(though that would most definitely "work").

What I am suggesting is that -- with a modest amount of coordination --
there are solutions that could be devised in order to solve a "real world"

This isn't the first person who decided to litigate, and won't be the last.

JMHO, YMMV, I'm game for version++ (though I think there are most definitely
ways to drop a pubkey than rev'ing the SKS reconciliation protocol version) if
anyone else

73 de Jeff

>       -Ari
> On Jul 8, 2010, at 6:37 AM, Sebastien wrote:
>> Since I have no web interface running, I did this:
>> #-- exporting the public key I want to drop in SKS database
>> gpg --export --armor --output mykey.asc -- myname
>> #-- getting the MD5 hash of that key
>> md5sum mykey.asc
>> then
>> #-- dropping the key from SKS using MD5 hash previously retrieved
>> sks drop <mykey.asc_md5sum>
>> Result:
>> #-- key no longer exists in key server database
>> gpg --keyserver my_sks_server --search-keys -- myname
>> This could be fine... but I cannot add a new key anymore. Seems that SKS 
>> database is corrupted now. Any idea ?
>> _______________________________________________
>> Sks-devel mailing list
>> address@hidden