|
From: | Julien Sansonnens |
Subject: | Re: [Sks-devel] Verification of keys on upload and removal options |
Date: | Fri, 25 Mar 2016 14:39:23 +0100 |
Hi all,Traditionally key servers have not had any options for deleting keys, so over the years there ends up being a number of invalid keys where the owner no longer has the corresponding private key or has closed the email account tied to the key.The problem of not being able to delete keys also contributes to the issue of keyserver based harassment or "doxing," where personal information and emails are uploaded without permission. Since the keyserver does not verify ownership of an email before accepting the key, anyone can create and upload a key for any email and include personal information in the name field.An example of 'Obama' : http://pgp.mit.edu/pks/lookup?search=obama&op=index'Hillary Clinton' shows similar issues : http://pgp.mit.edu/pks/lookup?search=hillary+clinton&op=indexOne can also create and upload keys which contain a victim's username, legal name, phone number, address, and other personal information and upload the key to the keyserver. It would essentially be a permanent record for someone's personal information.It doesn't benefit anyone to retain keys uploaded with malicious intent, so I believe it's worth discussing a mechanism for key removal due to abuse of the system.Thank you.
_______________________________________________
Sks-devel mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/sks-devel
[Prev in Thread] | Current Thread | [Next in Thread] |