Remove public key from keyserver (was: Hide UID From Public Key Server By Poison Your Key?)

Stefan Claas stefan.claas at posteo.de
Mon Jan 15 17:39:54 CET 2018


On Mon, 15 Jan 2018 17:14:40 +0100, Jason Lawrence wrote:
> > That said I guess ideas like this have already
> > likely been discussed before?  
> 
> Good luck with that, the similar discussing has
> been hold years and nothing ever changed. Last
> time I checked, a discussing in 2005 was labeled
> as "Remove public key from keyserver No.74"
>  
> 
> Sent: Monday, January 15, 2018 at 4:14 PM
> From: "Leo Gaspard" <leo at gaspard.io>
> To: gnupg-users at gnupg.org
> Subject: Remove public key from keyserver (was: Re: Hide UID From
> Public Key Server By Poison Your Key?) On 01/15/2018 08:13 AM, Robert
> J. Hansen wrote:>> Since you can never remove
> >> anything from the public key server, You are
> >> wondering if you can add something to it -- for
> >> example, add another 100 of UIDs with other
> >> people's real name and emails so people can not
> >> find out which one is yours, and append another
> >> 100 of digital signature so people get tired
> >> before figure out which one is from valid user.  
> >
> > I rarely use language like this, but this time I think it's
> > warranted:
> >
> > This is a total dick move. Don't do this. You'll make yourself a lot
> > of enemies, and if you pick the wrong real names and emails, some of
> > those people are pretty damn good at figuring out what's going on.
> >
> > Don't put real names and emails belonging to other people on your
> > cert. It's *rude*. If someone goes looking for "Robert J. Hansen
> > <rjh at sixdemonbag.org>" I want them to see one cert is newest and I
> > want them to use that one. If you go about putting my name and
> > email address on your cert, I'm going to get cross.
> >
> > Again: this is a total dick move. Don't do this.  
> 
> That said, it raises the interesting question of revocation of data on
> keyservers (and the associated legal issues in operating keyservers,
> as the operator is supposed to comply with requests to remove
> personally-identifiable information from it).
> 
> I was just thinking, would it be possible to have a tag (a UID with
> special meaning, like “please-remove-me at srs-keyservers.net”?) for
> which the signature would be verified by the keyserver, and that
> would cause it to drop everything from its storage apart from this
> tag? This way the “please remove me” tag would just naturally
> propagate across keyservers, and all up-to-date-enough keyservers
> will drop all the data associated with the key except the tag and the
> master public key (basically, the strict minimum to check the said
> tag).
> 
> That said I guess ideas like this have already
> lhttps://en.wikipedia.org/wiki/Right_to_be_forgottenikely been
> discussed before?

Maybe we need (a court) case were a PGP user requests the removal
of his / her keys until the operators and code maintainers wake up?

Or PGP users simply forget those old fashioned geek key servers
and use modern solutions like keybase.io for example.

https://en.wikipedia.org/wiki/Right_to_be_forgotten

Regards
Stefan

-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas



More information about the Gnupg-users mailing list