On 9/7/2010 9:50 PM, Yaron Minsky wrote:
I think that a basic form of deletion is pretty easy,
and requires no real research The algorithm is simple. You
simply add a new kind of pseudo-key to be gossiped around: a
deletion token. In the simplest version, the deletion token never
expires; it's a permanent addition to the database. But the
effect of adding the deletion token is that the thing it wants to
delete is effectively removed. With a small amount of extra
cleverness, one can allow the deletion token to be removed
eventually as well. But given the small number of deletions that
appear to be necessary, it hardly seems urgent.
I see no reason to think the number of deletions will be small. My
nightmare scenario involves people with an interest in illegal
information discovering the keyserver network makes a good vehicle
for dissemination of relatively small pieces of illegal
information. All it takes is one person discovering this and others
thinking it's a good idea and the next thing you know we've got
keyservers drowned in spam. It's just that this spam could get
keyserver operators arrested for distribution of illegal
information.
(Note: although I see no reason to think the number of deletions
will be small, there is also no reason to think my nightmare
scenario will come to pass. We simply
do not know how many
deletions will be necessary. I think we ought keep this lack of
knowledge in mind when we discuss solutions.)