a step in the right direction

Robert J. Hansen rjh at sixdemonbag.org
Tue Jan 16 09:20:54 CET 2018

(I originally composed this on a mobile device and it was held for
moderation.  Re-sending it from my laptop.)


(Apologies for the terseness: on a mobile device)

> should not be viewed as "discussing a [...] nightmare scenario",

I am darkly amused at someone who has not done the research into what
the nightmare scenario *is* telling me that it's not a nightmare scenario.

The nightmare scenario is malcontents realize the keyserver network is a
multijurisdictional, redundant, distributed database from which data
cannot be deleted... and decide this makes it an ideal way to distribute
child porn.  The moment that happens, the keyserver network goes down
hard as every keyserver operator everywhere gets exposed to massive
criminal liability.

We've known about it for several years.  We've been thinking about how
to counter it for several years.  It turns out that countering it is a
*really hard job*.  If you make it possible to delete records from a
keyserver, you open the door to all kinds of shenanigans that
governments could force keyserver operators to do on their behalf.

How do you make it possible to delete records from a keyserver, while at
the same time keeping the keyserver resistant to malicious tampering
from adversaries?

This is an incredibly hard question to address.  And frankly, you're not
adding a single iota to the discussion.  But if you want to continue it,
I'd suggest speaking up over at sks-devel at gnu.org, where people have
been having this discussion off and on for years.

More information about the Gnupg-users mailing list