[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] About deleting keys

From: Stephan Seitz
Subject: Re: [Sks-devel] About deleting keys
Date: Mon, 04 Nov 2013 18:31:39 +0100


> This is not the sks-server to decide whether the key or data needs to
> be modified or suppressed. 
> The danger is that someone or organistaion  manipulates a sks server
> for others to accept without audits. 

I think it's not about the risk of keyserver "manipulation", it's about
the presence of faked keys. If I get the last lawsuite right, the
payload of someones key with a faked email address was problematic.

> I think this is the openpgp and Gnupgp to modify the program and add:
> 1- revoke the key without deleting data
> 2 - revoke the key and delete data
> Then sks-server respect the orders of the owner of the private key

For legitimate owners that's the usual way. The worst scenario would be
if someone lost it's private key, and is subsequently unable to revoke
the public one.

Personally, I'm currently very undecided how (or even if) the keyservers
could prevent misusage.
I have to talk with some of my collegues, one of them happens to be

I'll get back to the list, after getting more informations ;)


- Stephan

Attachment: signature.asc
Description: This is a digitally signed message part

reply via email to

[Prev in Thread] Current Thread [Next in Thread]