[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Re: Delete key from keyserver

From: Jeff Johnson
Subject: Re: [Sks-devel] Re: Delete key from keyserver
Date: Tue, 07 Sep 2010 22:57:48 -0400

On Sep 7, 2010, at 10:46 PM, Robert J. Hansen wrote:

On 9/7/2010 9:50 PM, Yaron Minsky wrote:
I think that a basic form of deletion is pretty easy, and requires no real research  The algorithm is simple.  You simply add a new kind of pseudo-key to be gossiped around: a deletion token.  In the simplest version, the deletion token never expires; it's a permanent addition to the database.  But the effect of adding the deletion token is that the thing it wants to delete is effectively removed.  With a small amount of extra cleverness, one can allow the deletion token to be removed eventually as well.  But given the small number of deletions that appear to be necessary, it hardly seems urgent.

I see no reason to think the number of deletions will be small.  My nightmare scenario involves people with an interest in illegal information discovering the keyserver network makes a good vehicle for dissemination of relatively small pieces of illegal information.  All it takes is one person discovering this and others thinking it's a good idea and the next thing you know we've got keyservers drowned in spam.  It's just that this spam could get keyserver operators arrested for distribution of illegal information.

Well yes but ... this is NOT an illegal piece of information until litigated afaik.

And the pubkey was a previously legal piece of information or it never would
have ended up on a SKS keyserver in the first place. Someone changed
their mind and has a right to their privacy.

(Note: although I see no reason to think the number of deletions will be small, there is also no reason to think my nightmare scenario will come to pass.  We simply do not know how many deletions will be necessary.  I think we ought keep this lack of knowledge in mind when we discuss solutions.)

The number of deletions SHOULD be of the same order as the number of servers,
modulo time lag from distribution latency, and servers entering/exiting from pools, etc.

This assumes that only SKS servers need protection; there WILL be multiple
occurences of the offending pubkey everywhere in keyrings, but that
should NOT be the SKS keyserver operator's problem or risk.

There are additional issues that WILL need to be thought through because
-- once a mechanism exists to erase pubkeys -- that system MIGHT
be abused in other ways.

Or am I missing something essential here?

73 de Jeff

reply via email to

[Prev in Thread] Current Thread [Next in Thread]