Re: [Sks-devel] Re: Delete key from keyserver

From: news
Subject: Re: [Sks-devel] Re: Delete key from keyserver
Date: Wed, 8 Sep 2010 07:11:14 +0000

I'm out travelling, so just throwing out some food for thought that I can
elaborate on later. Please excuse spelling errors, as I'm typing on my BB.

Personally I'm not in favor of hastily adding a deletion method, as it has
several major implications, but I much appreciate the discussion and agree it
is good to have it well thought out in case of an 'attack' (misuse of the
intent of the sks network).

The first issue is obviously a situation where a key owned by A is compromised
and subsequently revoked. User B, that got hold of a copy of user A's private
key, now requests a deletion of the key. If the server administrator indulges this
request, user B now re-uploads the non-revoked key or submits this directly to
counterparties, that won't get the appropriate revocation certificate.

Another issue is on the server level of sks. Addition of a deletion token
would, by my thoughts, result in a fragmentation of sks servers into closer
clusters. You would require a much greater degree of trust between the server
operators in order to avoid misuse, and so effectively reducing the number of
peers for each server, but as well limit the servers the peer would be
'permitted' to recon with in order to be in the cluster.

Granted this could be mitigated if only 'trusted introducers' (TI) are able to
add deletion tokens (but as long as the protocol is open, this, itself, would
require a lot of thought on implementation). E.g. by adding an element to the key
to be deleted that is signed by the TI.

Kristian Fiskerstrand

Sent from my BlackBerry® wireless device

-----Original Message-----
From: Yaron Minsky <address@hidden>
Sender: address@hidden
Date: Tue, 7 Sep 2010 23:27:00 
To: Jeff Johnson<address@hidden>
Reply-To: address@hidden
Cc: <address@hidden>; Sebastien<address@hidden>; Ari 
Subject: Re: [Sks-devel] Re: Delete key from keyserver
