[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Withdrawal of Service -

From: Keith Erekson
Subject: Re: [Sks-devel] Withdrawal of Service -
Date: Fri, 16 Nov 2018 11:19:13 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0

Standard "I am not a lawyer" disclaimer applies, but it is my impression (both from speaking to people who know more than I do about this, and from reading article 17 of the GDPR) that the "right to be forgotten" isn't necessarily absolute.

Meaning that if one were to receive such a request, and it is not possible to remove the data, this doesn't automatically mean that the only recourse is to shut down the service. Specifically, this language is the part that catches my attention: "the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers..."

Perhaps someone who has access to a lawyer could ask for clarification on this? Speculation about what implications GDPR may or may not have for the SKS network isn't especially productive, in my opinion. (I say this as someone who might be shielded from liability by an employer's legal counsel, however.)

Regarding the resource usage and/or instability of the SKS keyserver itself, there are some of us who don't need to care about this, thankfully ;-)

I maintain a keyserver in a VM at work, where its CPU/disk/bandwidth usage are a proverbial drop in the bucket. As long as it keeps running with minimal oversight on my part, I'm happy to provide this service. The same applies to the mirrors that we operate.

Obviously this is a luxury and is not the case for many (most?) admins, and I would never blame anyone for ceasing to volunteer their resources/time for a project like this, but it is not necessarily a problem for all of us that these issues have become (more) apparent in the last year or so.

Just my two cents.


On 11/15/18 6:50 PM, Moritz Wirth wrote:
I asked to be allowed to share some more details, however the request
was to remove/prevent indexing of 2 keys stored on our keyservers -
including copies of ID's to verify the request as required by the
european data protection law. Since it is not possible to prevent the
indexing of data, I think the only possible way to handle this request
is to shut them down. I don't see a reason to fight this - it is the
right of someone to get his/her data removed so we are required to do
this regardless of how crappy that law might be. If someone decides to
ignore it, it's up on them.

Am 16.11.18 um 00:31 schrieb Mike:

Fabian, im sure you can tell that nothings going to change :(

But maybe these shutdowns in protest will provoke change, before its too late?

On Thu, 15 Nov 2018 23:23:43 +0000
"Fabian A. Santiago" <address@hidden> wrote:

Wow! I’d love to see that as well.

I just saw Kristian’s post with his email exchange. It’s a shame the situation is going down like this. I do hope a proper solution can be found so I and hopefully others can return to contributing to the network, should the mode of operation dictate and stay this way.



Fabian S.



On Thu, Nov 15, 2018 at 5:58 PM, Georg Faerber <address@hidden> wrote:


On 18-11-15 23:56:07, Moritz Wirth wrote: will cease operation - we received a request to remove
some keys and since we are unable to do this, we will shutdown all
keyservers and erase all relevant databases immediately.
Would it be possible to share this request, omitting sensitive details?


Sks-devel mailing list

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]