[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] About deleting keys
|
From: |
Stephan Seitz |
|
Subject: |
Re: [Sks-devel] About deleting keys |
|
Date: |
Mon, 04 Nov 2013 18:31:39 +0100 |
Hi,
> This is not the sks-server to decide whether the key or data needs to
> be modified or suppressed.
> The danger is that someone or organistaion manipulates a sks server
> for others to accept without audits.
I think it's not about the risk of keyserver "manipulation", it's about
the presence of faked keys. If I get the last lawsuite right, the
payload of someones key with a faked email address was problematic.
> I think this is the openpgp and Gnupgp to modify the program and add:
>
> 1- revoke the key without deleting data
> 2 - revoke the key and delete data
> Then sks-server respect the orders of the owner of the private key
For legitimate owners that's the usual way. The worst scenario would be
if someone lost it's private key, and is subsequently unable to revoke
the public one.
Personally, I'm currently very undecided how (or even if) the keyservers
could prevent misusage.
I have to talk with some of my collegues, one of them happens to be
lawyer.
I'll get back to the list, after getting more informations ;)
cheers,
- Stephan
signature.asc
Description: This is a digitally signed message part
- Re: [Sks-devel] About deleting keys, (continued)
- Re: [Sks-devel] About deleting keys, Petru Ghita, 2013/11/03
- Re: [Sks-devel] About deleting keys, Johan van Selst, 2013/11/04
- Re: [Sks-devel] About deleting keys, David Benfell, 2013/11/04
- Re: [Sks-devel] About deleting keys, Petru Ghita, 2013/11/04
- Re: [Sks-devel] About deleting keys, Arnold, 2013/11/07
- Re: [Sks-devel] About deleting keys, Petru Ghita, 2013/11/07
Re: [Sks-devel] About deleting keys, robert.O, 2013/11/04