Keyserver doesn't honour removed signatures

[David Shaw]

On Apr 16, 2009, at 3:18 AM, Werner Koch wrote:

> On Wed, 15 Apr 2009 19:47, dshaw at jabberwocky.com said:
>
>> The difference is that the keyserver network allows anyone to submit
>> data, and the keyserver net will then serve it on their behalf.  It's
>
> Like Usenet.

Not exactly.  Usenet has delete :)

Even so, Usenet is a good example.  Note that even with delete, Usenet  
is full of random junk dumped into it.  Publicly writable resources on  
the net, be they Usenet, Wikipedia, blog comments, or some random ftp  
server that isn't set up as a blind drop-box, tend to be written in  
ways not necessarily desired by their operators.  All of these  
resources have some means (of varying effectiveness, but they do at  
least exist) to "clean up" the abuse (cmsg cancel, wiki editors,  
kicking the admin who set the permissions that way), that the  
keyserver net lacks.

Another way the current keyserver net differs from the earlier  
examples is that many servers don't keep logs for very long (or at  
all).  That's a good feature when we're talking about keys, but it's  
also a good feature for someone who wants to throw some illegal  
material on there for later download.  Of course, massive dumping of  
junk into a keyserver would eventually be noticed, but a few items,  
here and there, would easily fly below the radar.

I do like Usenet though.  I once thought (before Yaron Minsky came up  
with the gossip protocol) that if we ever needed a good keyserver  
protocol that could scale to massive sizes, that a slightly modified  
NNTP would be ideal for it.  Use the key fingerprint as the NNTP  
message-id field for IHAVE, and NNTP takes care of the distribution.   
(You'd still need a keyserver front-end on top of the "article"  
database, of course).  I think we're pretty far off from needing to  
scale to that level, though.

David