Remove public key from keyserver

Robert J. Hansen rjh at sixdemonbag.org
Tue Jan 16 16:56:39 CET 2018


> Understood, but what speaks against a (syncing) public key server
> system like the old pgp.com key server was, compared to the regular
> key servers, which don't allow deletion of a key, by the owner and if
> I remember correctly also only upload by the owner.

The pgp.com keyserver had some serious problems.  When I was at PGP
Security there were at least three engineers on the floor -- myself, Len
Sassaman, and Randy Harmon (the keyserver admin!) -- who thought the
keyserver was a pretty marginal idea specifically because we could be
compelled by governments to do unpleasant things.  None of us used that
keyserver in our own personal lives.

The pgp.com keyserver is also a *standalone* server.  It does not sync
with the keyserver network.  (Search for 0xB44427C7, for instance.  My
cert has been in the SKS network for years, but as of this writing isn't
in the pgp.com keyserver.)  That's important for several reasons.  It
means it's very easy for governments to blackhole, for instance.  And it
also means it's possible to drop certificates.

One of the other reasons SKS doesn't allow dropping information is
because it lets two disagreeing keyservers figure out very easily what
the canonical and correct data is: it is the union of the disparate
data.  As soon as you change this to allow for discarding data, suddenly
each certificate needs to bear with it some way to prove to other
keyservers that it's the most recent record and thus correct.  Now you
get into needing trusted timestamps, certifications of changes, adding
crypto code into SKS, and ... things get out of hand quickly.

If you like the PGP Global Directory, go for it.  Use it!  It still exists.

But please, understand why SKS works the way it does before telling
people to change it.
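
An added illustration of the union argument above, not part of the original message and not SKS code. It assumes a simplified model in which a keyserver is a dict from certificate id to a set of packets; all names and sample data are constructed. It shows that union-only merging converges regardless of sync order, and that a locally dropped packet returns on the next sync.

```python
# Added illustration, not SKS code. Assumed model: a keyserver is a dict
# mapping a certificate id to the set of packets it holds for that certificate.
from itertools import permutations

# Constructed sample data: three servers with differing views.
SERVERS = [
    {"CERT-A": {"pubkey", "uid-1"}},
    {"CERT-A": {"pubkey", "uid-1", "sig-from-B"}, "CERT-B": {"pubkey"}},
    {"CERT-A": {"pubkey", "revocation"}},
]

def merge(a, b):
    """Union-only reconciliation: keep every packet either side knows."""
    return {k: a.get(k, set()) | b.get(k, set()) for k in a.keys() | b.keys()}

def gossip(servers, order):
    """Sync the listed (i, j) pairs in order; each pair ends up identical."""
    state = [dict(s) for s in servers]
    for i, j in order:
        state[i] = state[j] = merge(state[i], state[j])
    return state

def converges(servers):
    """True if every ordering of pairwise syncs yields the same final data
    on every server (two rounds over all pairs)."""
    n = len(servers)
    pairs = [(i, j) for i in range(n) for j in range(i + 1, n)]
    finals = [gossip(servers, list(p) * 2) for p in permutations(pairs)]
    first = finals[0][0]
    return all(s == first for final in finals for s in final)

def delete_then_sync(servers, cert, packet):
    """Server 0 drops one packet locally, then syncs with server 1.
    Returns True if the packet is back on server 0 afterwards."""
    state = [dict(s) for s in servers]
    state[0] = {**state[0], cert: state[0][cert] - {packet}}
    # To the peer, "deleted" looks the same as "not received yet", so the
    # union restores the packet. Telling the two apart needs signed,
    # ordered change records, which is the complexity the post describes.
    return packet in gossip(state, [(0, 1)])[0][cert]

if __name__ == "__main__":
    print("converges:", converges(SERVERS))
    print("deleted packet returns:", delete_then_sync(SERVERS, "CERT-A", "uid-1"))
```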


