Re: [Sks-devel] The pool is shrinking

[Stefan Claas]

address@hidden wrote:

> Once again pointing out the obvious that everyone is avoiding.
> 
> The keyservers don't have any mechanisms as required by the GDPR to remove
> data.
> 
> So once again if you load up someone else's personal data with out permission
> the servers instantly break the law due to the lack of those mechanisms. This
> is the simplest one to point out, Among many other issues. There is no
> exemption to this one at all!!!
> 
> Hansen its 2019 not 1990 and you need to evolve your thinking beyond your own
> personal interests! Do you think the GDPR is a bad thing? Do you think people
> having the right to better privacy is bad? from your resent responses you
> obviously do, strange attitude considering your interest in privacy????
> 
> -----------------------
> 
> >Its about pretty good privacy, not perfect privacy.. by design w/PGP and
> >SKS, public keys are designed to be public, and not private.. in order to
> >keep the private part secure, allowing people to arbitrary purge public
> >data entirely undermines the entire thing.
> 
> And to Ryan, poor response! Also the world changes and laws change and
> peoples views of what is right and wrong change. And that's exactly what has
> happened especially in Europe! The sks keyservers where designed in the
> 1990s, its not 1990 any more. People think differently about privacy now.
> Hagrid or Keybase have solved issues for a majority of people.
> 
> It does not undermine it at all, this model is broken and its being laughed
> at by the entire tech community. Oh and it was never resilient to government
> interference that was just a fallacy which has been push right into the spot
> light. a single person or group just bitched slapped the sks keyservers
> recently with an attack, all it takes is someone to persist with a real
> attack and those are gone! NO RELIABLITIY, NO RESILIANCE....NO USE!!
> 
> -------------
> 
> The SKS Keyservers have brought a very bad light on GnuPG and other related
> projects, trust for most is low or gone in these projects, and people like
> Hansen and his approach to it has really not helped at all. Kristian
> meanwhile the maintainer remains quiet, not even making any attempts to
> suggest shutting down the servers or archiving the software.
> 
> The important Questions here for admins is :
> 
> Do you want to continue to:
> 
> 1. Run broken and unreliable software?
> 2. Risk legal consequences?
> 3. be the laughing stock of modern security?
> 

1+

I would also like to make a little suggestion, to put a little bit
more trust in this broken SKS design, for people who still might
have a need for SKS usage.

How about to issue  monthly warrant canaries from SKS operators for
the pool, Kristian maintains?

It should tell users that SKS operators share no dumps with 3rd
parties for key analysis, i.e. social graph research etc. Those
who publish a warrant canary can stay in the pool, while others
who don't like to do so will be excluded from the pool.

Does this makes sense to honest operators? I think it would not
hurt and requires no additional work, except a monthly little
GnuPG signed statement.

Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)