Keyserver doesn't honour removed signatures
dshaw at jabberwocky.com
Thu Apr 16 15:13:35 CEST 2009
On Apr 16, 2009, at 3:18 AM, Werner Koch wrote:
> On Wed, 15 Apr 2009 19:47, dshaw at jabberwocky.com said:
>> The difference is that the keyserver network allows anyone to submit
>> data, and the keyserver net will then serve it on their behalf. It's
> Like Usenet.
Not exactly. Usenet has delete :)
Even so, Usenet is a good example. Note that even with delete, Usenet
is full of random junk dumped into it. Publicly writable resources on
the net, be they Usenet, Wikipedia, blog comments, or some random ftp
server that isn't set up as a blind drop-box, tend to be written in
ways not necessarily desired by their operators. All of these
resources have some means (of varying effectiveness, but they do at
least exist) to "clean up" the abuse (cmsg cancel, wiki editors,
kicking the admin who set the permissions that way), that the
keyserver net lacks.
Another way the current keyserver net differs from the earlier
examples is that many servers don't keep logs for very long (or at
all). That's a good feature when we're talking about keys, but it's
also a good feature for someone who wants to throw some illegal
material on there for later download. Of course, massive dumping of
junk into a keyserver would eventually be noticed, but a few items,
here and there, would easily fly below the radar.
I do like Usenet though. I once thought (before Yaron Minsky came up
with the gossip protocol) that if we ever needed a good keyserver
protocol that could scale to massive sizes, that a slightly modified
NNTP would be ideal for it. Use the key fingerprint as the NNTP
message-id field for IHAVE, and NNTP takes care of the distribution.
(You'd still need a keyserver front-end on top of the "article"
database, of course). I think we're pretty far off from needing to
scale to that level, though.
More information about the Gnupg-users