[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Re: Delete key from keyserver
|
From: |
Jeff Johnson |
|
Subject: |
Re: [Sks-devel] Re: Delete key from keyserver |
|
Date: |
Tue, 07 Sep 2010 18:31:00 -0400 |
On Jul 8, 2010, at 11:34 AM, Ari Trachtenberg wrote:
> The backend data structure supporting SKS does not yet support true deletion.
> We are researching this (but it will take some time :-)
Now would be a _PERFECT_ time for some research to be actively deployed. ;-)
OTHERWISE
Since their are only 50-100 (just a rough estimate) SKS servers, a key could
most definitely be dropped with a modest amount of coordination.
Consider what happens if the reconciliation protocol version is incremented and
2 machines
deploy with the version++ protocol on a store that DROPS the offending key
and actively filters that key going forward.
So there would be 2 SKS nets, and a need to coordinate a switchover from
one store to the other.
Please note that I am NOT suggesting that the SKS protocol be incremented
(though that would most definitely "work").
What I am suggesting is that -- with a modest amount of coordination --
there are solutions that could be devised in order to solve a "real world"
problem.
This isn't the first person who decided to lititigate, and won't be the last.
JMHO, YMMV, I'm game for version++ (though I think there are most definitely
easier
ways to drop a pubkey than rev'ing the SKS reconciliation protocol version) if
anyone else
is.
73 de Jeff
> -Ari
>
> On Jul 8, 2010, at 6:37 AM, Sebastien wrote:
>
>> Since I have no web interface running, I did this:
>>
>> #-- exporting the public key I want to drop in SKS database
>> gpg --export --armor --output mykey.asc -- myname
>>
>> #-- getting the MD5 hash of that key
>> md5sum mykey.asc
>>
>> then
>>
>> #-- dropping the key from SKS using MD5 hash previousy retreived
>> sks drop <mykey.asc_md5sum>
>>
>> Result:
>>
>> #-- key no longer exist in key server database
>> gpg --keyserver my_sks_server --seach-keys -- myname
>>
>> This could be fine... but I cannot add a new key anymore. Seems that SKS
>> database is corrupted now. Any idea ?
>>
>>
>>
>> _______________________________________________
>> Sks-devel mailing list
>> address@hidden
>> http://lists.nongnu.org/mailman/listinfo/sks-devel
>
>
> _______________________________________________
> Sks-devel mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/sks-devel
- Re: [Sks-devel] Re: Delete key from keyserver,
Jeff Johnson <=
- Re: [Sks-devel] Re: Delete key from keyserver, Yaron Minsky, 2010/09/07
- Re: [Sks-devel] Re: Delete key from keyserver, Jeff Johnson, 2010/09/07
- Re: [Sks-devel] Re: Delete key from keyserver, Yaron Minsky, 2010/09/07
- Re: [Sks-devel] Re: Delete key from keyserver, news, 2010/09/08
- Re: [Sks-devel] Re: Delete key from keyserver, news, 2010/09/08
- Re: [Sks-devel] Re: Delete key from keyserver, Yaron Minsky, 2010/09/08
- Re: [Sks-devel] Re: Delete key from keyserver, Kiss Gabor (Bitman), 2010/09/08
- Re: [Sks-devel] Re: Delete key from keyserver, Johan van Selst, 2010/09/08
- Re: [Sks-devel] Re: Delete key from keyserver, Alexander B. Schmidt, 2010/09/08
- Re: [Sks-devel] Re: Delete key from keyserver, Jeff Johnson, 2010/09/08