Leo Gaspard gnupg at leo.gaspard.ninja
Tue Jan 16 18:19:56 CET 2018

On 01/16/2018 05:42 PM, Robert J. Hansen wrote:
>> The mechanism to prove you are the owner of a public key is pretty much
>> in place :-). A mechanism where you can have a signed statement saying
>> "on 2018-01-16, I allow my key to show up on keyservers"
> It is theoretically and practically possible to have a keyserver that
> honors such requests, but what many people want is *enforcement*.  Not
> merely a voluntary system that's trivially circumventable, but some
> mechanism by which their public keys can be actively kept out of
> circulation.

Well, if such requests were honored, this would fix the OP's answer (i.e.
“how do I hide the fact I mistakenly associated two unrelated UIDs on my
key”, if I understood correctly), as well as requests pertaining to the
EU's “right to be forgotten” (modulo people who would have lost their
private key and still claim this right, but I guess the extraordinary
measures taken for the last time it was invoked would still be possible).

So that's at least a good part of the current problem solved, I think --
though obviously nothing close to the nightmare scenario or people
wanting to DRM their keys.

Also, there are flaws with this approach (like after a private key
compromise, it would allow preventing dissemination of the revocation
certificate) [1], but fixes like allowing the statement to be “on
2018-04-01, please expose only the master key and its revocation
certificate(s) to clients” would likely handle this particular issue.

All I'm saying is that a system like this one is not a silver bullet
solution, but may handle a few of the current complaints against the SKS

[1] It looks like Kristian has written more about it while I was typing
this mail, if I can guess from Peter's answer, though Kristian's mail
didn't land in my mailbox yet.
