Keyserver doesn't honour removed signatures
Robert J. Hansen
rjh at sixdemonbag.org
Wed Apr 15 17:43:20 CEST 2009
> Hypothetically, if a key is signed using another key which contains
> a jpg image of something illegal in the keyserver's location, what
> then? It would seem to me that the only option would be to remove
> the keyserver from the keyserver network.
... that's a truly /ghastly/ little attack against the keyserver
network, and I'm ashamed that I didn't think of it first.
The keyserver network is principally guided by this design goal: do
not ever lose key material. New data may be entered, but old data
must persist. Now, if a photo is attached to a key and the photo must
be removed for legal reasons, one of three things will occur:
(a) the keyserver network gets taken down
(b) the keyserver network gets taken over by people trafficking in
illegal images
(c) a way to remove UIDs without the owner's permission is added to
the keyserver network
I don't really like those prospects. Any of them.
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
More information about the Gnupg-users
mailing list