Re: [Sks-devel] The pool is shrinking

[Hendrik Visage]

> On 16 Aug 2019, at 22:45 , Stefan Claas <address@hidden> wrote:
> 
> O.k. I understand your point, but what I like to say is that I or anybody
> else can download a dump without running a key server. While running a
> key server requires a dump, it would be really nice if dumps are only
> available to a (trusted) pool of operators, as long as the current SKS
> model is still available on the Internet.

Well… here you’ll have to define “trusted”… Am I (being a South African with 
SKS servers in South Africa, France, Canada &  Singapore) being trust worthy 
for a GDPR? Which of my servers may or may not peer with each other as a side 
note? Now if I load a dump in FRance, may I peer with my RSA server? or should 
I load the dump in RSA and peer with my France server? If I receive a GDPR take 
down, does it only apply to my server(s) in France, or what if my RSA servers 
are providing a VPN/TOR endpoint via a FRance server, is that also under the 
GDPR?

The fact that the dumps exist, ACROSS THE GLOBE, makes any GDPR related 
discussion IMHO a very mute point once the data have entered the SKS server 
network.

It’s like unseeing a naked photo of person… it’s just not “possible”.

I would echo what everybody should know and understand: a PUBLIC KEY is by 
definition *PUBLIC*, NOTHING PRIVATE about it… BY DEFINITION.

SKS network contains *PUBLIC* keys. It’s purpose, is to PUBLICLY make your 
communications, signed/etc. with the associated *private* key, by directed to 
you and associated with you to proof that it was *you* that 
signed/produced/etc. that piece of communication. That purpose would be to know 
that the communication was not forged as you, and thus people can take that 
piece of communications as being your words spoken and trusted as it was not 
somebody else faked you. It is also a mechanism that you can receive 
communications, meant only for your eyes (I meant *private* key :) )that nobody 
else can decode (given they’ve not compromised your private key).

The fact that the SKS network had been and probably will still be 
abused/DoSed/etc. we can’t deny, but once people becomes silly, as I see this 
whole GDPR discussions have been, I have but one set of advice: Either you fix 
it, or you get out of the SKS server network… let those that run the SKS 
servers have the pains/legal battles/etc. when they are attacked by the GDPR 
enforcers, we’ll fight that battle, no need to make our lives worse off if you 
can’t add positive value…

Yours enjoying his pop-corn reading these debates

Hendrik

signature.asc
Description: Message signed with OpenPGP