Re: [Sks-devel] keyserver.pramberger.at terminating

[Peter Pramberger]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Johan van Selst schrieb am 07.09.2010 21:11:
> This is bad news indeed. I don't live in Austria, but I'm sure many
> countries, including mine, have similar legislation. And I don't believe
> there's a general technical answer to this. The PGP keyservers basically
> use an 'add once and remember forever' principle. Now, if I remember
> correctly, sks has a 'drop' feature to remove individual keys from a
> keyserver, but I not sure that this permanently deletes certain keys
> (it might be added again with later manual or automatic updates).

No, it gets back on the next recon run.

> It may be useful to have a permanent local blacklist for individual
> servers, that lists key-IDs or even email addresses that should not be
> tracked in the PGP key database. I suppose this would be sufficient to
> comply with the legislation regarding similar complaints, but I'm no
> legal expert either.

This is exactly what was intentionally NOT designed in - to prevent any form
of censorship and data manipulation. How do you ensure that the blocking
request comes from an authorized person? And what comes afterwards? Every
public key with a lost passphrase, private key would end on this blacklist.
After some time you'll need a second database for all suppressed keys...

And not to forget: to prevent segmentation of the keyserver network, you'd
have to synchronize the filter list across all keyservers.


Br,
Peter

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkyGk/cACgkQcKsx5K5ighxSnACdERJY5P7HuKKDEwAQYHNkMWRd
9aMAn3BZbenPFYcz4BehXazhjy/2q95R
=gjTW
-----END PGP SIGNATURE-----