[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Sks-devel] A brief recap
|
From: |
Robert J. Hansen |
|
Subject: |
[Sks-devel] A brief recap |
|
Date: |
Wed, 6 Feb 2019 19:19:22 -0500 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 |
To spare us all diving through list archives:
The keyserver network is in a lot of ways like a blockchain. In both
cases they are distributed ledgers where any change to the ledger is
propagated through to everyone with a copy of the ledger. (Blockchain
differs by adding more cryptographic verification, but in the broad
strokes they're very similar.)
Why did keyservers evolve in such a way? Because in the early 1990s it
seemed like a good idea. The idea was the distributed redundant ledger
of cryptographic certificates would make it impossible for a corrupt
government to force the removal of a dissident's certificates. During
the Clinton-era crypto wars this was a very real concern.
It has also never happened in practice. To the best of my knowledge --
and I've been watching keyserver operations for literally more than a
quarter-century -- no keyserver operator anywhere has ever been coerced
by a government to even try to remove a certificate. The attack we were
concerned about never materialized. It's reasonable to ask if, a
quarter-century later, it's time to stop defending against it.
Further: in the intervening time we've learned that append-only
world-writable distributed databases are inherently unstable. Trolls,
hooligans, and criminals will poison it with information which is
irrelevant to the database's purpose (spam), offensive to many of the
maintainers (hardcore pornography), or flat out criminal (child
pornography).
So we have a few basic choices: *which condition do we waive?* being
foremost.
* Append-only? Reconciliation just got unspeakably harder.
* World-writable? This means restricting keyservers to vetted users.
* Distributed? Then there is no more keyserver network.
Waiving the "distributed" is technically easiest but it ends the era of
keyserver networks. Keyservers become completely balkanized. Waiving
the "append-only" criterion sounds nice, because if we can figure out
how to do that then we get to keep the keyserver network while gaining
GDPR compliance and ending spam and porn in the network. Unfortunately,
we have basically fuck-all zero idea of how to actually do it: the
engineering challenges are significant.
signature.asc
Description: OpenPGP digital signature
- [Sks-devel] A brief recap,
Robert J. Hansen <=