SKS Keyserver Network Under Attack

Mon Jul 1 11:54:26 CEST 2019

> I think not.

Thankfully we live in free societies where dissent is allowed: on good
days, even tolerated and encouraged.  You're wrong, of course, but
please understand I encourage you to be wrong.  :)

Also, if it isn't clear: although I emphatically disagree with you, this
is not a personal dispute.  I plan on turning your idea into a pinata,
but on a personal level as far as I'm concerned there's nothing but
peace between us.

> You yourself say that the SKS system has had known problems for well 
> over a decade and yet nothing has been done about it.

No.  No.  No.  I have not said that.  In the last ten years the
sks-devel at nongnu.org community has explored pretty thoroughly the
problem space and concluded it cannot be solved at the SKS level, given
the community's level of manpower and funding.

That's not "nothing".  That's a very important result and it is
literally the most the sks-devel community can be asked or expected to
do, given their critical shortages of money and manpower.

In a very real sense, WKD, Autocrypt, Hagrid, dkg's work in
abuse-resistant keyservers, and so forth, all sprang from the sks-devel
community's recognition of the problem and the inability of SKS to
effectively fix it.  If SKS were in better shape it's likely none of
those projects would have ever started.

There is a line of thinking which I find to be morally appalling, and
you describe it quite clearly in your footnote:

> 1: You referred to this inertia as "powerful technical and social 
> factors" which is true but they still represent a bug, not a
> feature. These factors are in effect societal excuses, not legitimate
> reasons for lack of action.

If the sks-devel community has repeatedly made it clear over the course
of a decade that "we lack both the manpower and the financial resources
to fix this problem", never receives manpower or financial resources,
and then ten years later this happens... our reward is to be
victim-blamed?  "If you were really serious you would've done something
by now"?

It's like telling a doctor in the developing world who has for ten years
been screaming that she needs polio vaccine, after a polio epidemic
starts in her neighborhood, "the poverty is in effect a societal excuse,
not a legitimate reason for lack of action"?

It takes stuff to do stuff, and it's really rude to blame the victims
for problems they inherited but did not create.

> Well, someone has now brought widespread attention to the issue. By 
> poisoning the certificate of (at least) two very high-profile 
> members

Three now, since apparently Kristian has been hit.

> of this community, they have brought absolutely unavoidable attention
> to the fact that something needs to be done *now*.

At a tremendous price.  A price that I, and many others, think is
morally appalling.  These people are not our friends and have done us no
favors.

> Good can come of this attack on you and DKG.

I seem to recall people saying the same after 9/11: that yes it was a
horrific thing, but that "good can come of this tragedy".

I seem to recall people saying the same after my best friend's suicide:
that yes it was a horrific thing, but that "good can come of this tragedy".

It is the nature of goodness that, like hope, it springs eternal and in
the most unlikely of places.  But it is also barbarous to claim the good
that may come out of a horror should be counted to the horror's credit.