Keyservers and GDPR

Thu May 24 00:42:12 CEST 2018

On Wed, 2018-05-23 at 23:45 +0200, Kristian Fiskerstrand wrote:
> yes and no.. it basically changes keyservers to becoming certificate
> authorities.
?? Why this?

A CA is trusted by others and assures the identity of subjects.
The challenge/response I'm talking about, would just assure that only
the owner can publish the key to the network.
It would in no way make any assurance about the identity.

> And unless they do signature / certification on the
> keyblock this state isn't kept anywhere..
Sure... it's just the proof, that the owner of the key actually wishes
its publication.

Of course the owner could still set up a fake User ID, effectively
publishing another user's personal data.. but I guess then we'd be save
in terms of privacy laws.

> but it is basically the PGP
> Global Directory.
I don't think PGP GD requires prof that an uploader is the key owner.
The only difference with that is that it doesn't syncronise with other
keyservers (which is a major deficiency from a security PoV)... and
didn't it remove keys after a while (if the users didn't reupload)..
but then removal is complete (IIRC)... which is again a major
deficiency, as revocations are also removed.

> From a security perspective I'm not impressed about it, and there are
> several caveats, in particular related to expecting a domain name
> being
> in the original owner's control forever
You mean the PGP GD model? Well I haven't said we should do it as they
do it (i.e. sending a mail to people asking them for reupload)...
instead... if a user wants to keep his UIDs published, his client would
need to do the reupload every now and then.. say once a year.
If he doesn't,... the UIDs would get removed from the keyserver network
(but NOT the revocation sigs).

I'm not sure whether other sigs on the key should be removed
(especially thinking about the certifcation sigs the person of the
removed key made on other people)... these could basically allow to
"trace" his contacts... and may therefore interfere with privacy laws.
OTOH... when the UIDs are gone... it's already pseudo-anonymous... so
might be fine.

> So revocation of a previous
> owner wouldn't be recorded. It also excludes any non-email UIDs, e.g
> just a plain name or a pseudonym/handle in other channels (twitter?)
As said above... I don't think challenge/response should be like PGP GD
does it with sending mails. This would also impose much more burden on
the keyservers (and even more legal risks... "unwanted mail" and so
on).
I'd rather think about: when some person wants to upload its key... its
client must attach a signed standardised message like:
"I herby certify that this is my key, my own valid identities and that
I allow it to published globally to all servers of the SKS keyserver
network for 1 year or until I revoke permission. Even then, only the
UserIDs will be removed and all other data remains. <current
date/time>."
(Some lawyer should draft a suitable text)

And only if the current date/time is in a +/- 30 min time frame... and
if the sig validates... the keyserver would accept the UIDs.

The whole thing would *not* apply to just upgrades... like new
certification sigs.

Cheers,
Chris.