Re: [Sks-devel] IPv6 peering; keydumps annoyingly large
From: David Shaw
Subject: Re: [Sks-devel] IPv6 peering; keydumps annoyingly large
Date: Wed, 1 Jun 2011 17:45:55 -0400

On Jun 1, 2011, at 1:14 PM, Xian Stannard wrote:

> I can see that it is bad to lose keys that are in use, but why must
> every key from day zero be kept? The deletion need not be prohibitive of
> the key being uploaded again: that could trigger it to be re-propagated.

One danger is that a revoked key won't be seen as revoked by someone who needs
to see it as such. For example, let's say that I have a public key on the
keyservers (call it "A"), and my secret key gets compromised. I revoke that
key, make a new one ("B"), and upload both A & B to the keyservers.

Now, someone who I communicated with before my key was compromised wants to get
ahold of me, and so uses the only key they have: A. They don't know that I
have a new key, and checking the keyservers (gpg --refresh-keys, or similar for
other programs) won't show them that A is revoked, because A got pruned from
the keyserver when it was revoked.

Now, to be sure, we could design different ways of avoiding this issue, but
personally, I'd want to see some real evidence of an upcoming problem with the
keyserver DB size before going down that route. I'm afraid I don't see a
problem that needs fixing here.

David
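
The scenario in the message above, replayed as an added example that is not part of the original post and is not SKS code. It assumes a toy model: hypothetical `KeyServer` and `Client` classes, with each key represented as a set of packet names and a refresh that only merges what the server still holds.

```python
# Added illustration: a toy keyserver model, not SKS or GnuPG code.
# All class, function and packet names here are hypothetical.
from dataclasses import dataclass, field

REVOCATION = "revocation-signature"

@dataclass
class KeyServer:
    prune_revoked: bool                        # the policy under discussion
    store: dict = field(default_factory=dict)  # key id -> set of packets

    def upload(self, key_id, packets):
        """Merge packets into the stored copy; drop the key if pruning applies."""
        merged = self.store.get(key_id, set()) | set(packets)
        if self.prune_revoked and REVOCATION in merged:
            self.store.pop(key_id, None)       # revoked key removed entirely
        else:
            self.store[key_id] = merged

    def fetch(self, key_id):
        """Return the stored packets, or None if the server has no such key."""
        return self.store.get(key_id)

@dataclass
class Client:
    keyring: dict = field(default_factory=dict)

    def refresh(self, server):
        """Rough analogue of `gpg --refresh-keys`: merge what the server holds."""
        for key_id in self.keyring:
            remote = server.fetch(key_id)
            if remote is not None:             # nothing on the server, nothing learned
                self.keyring[key_id] |= remote

    def is_revoked(self, key_id):
        return REVOCATION in self.keyring[key_id]

def correspondent_sees_revocation(prune_revoked):
    """Replay the A/B scenario under the given server policy."""
    server = KeyServer(prune_revoked)
    server.upload("A", {"pubkey", "uid"})              # A is published
    contact = Client({"A": {"pubkey", "uid"}})         # contact fetched A earlier
    server.upload("A", {"pubkey", "uid", REVOCATION})  # owner revokes A
    server.upload("B", {"pubkey", "uid"})              # and publishes B
    contact.refresh(server)
    return contact.is_revoked("A")

if __name__ == "__main__":
    print("server retains revoked keys:", correspondent_sees_revocation(False))
    print("server prunes revoked keys: ", correspondent_sees_revocation(True))
```

With pruning enabled, the refresh finds no copy of A on the server, so the contact's local copy never gains the revocation packet and still looks usable.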