Re: keyserver.insect.com GDRP takedown request

[Alexandre Dulaunoy]

Hi All,

Hockeypuck supports blacklists (from version 2.1.0) when you can list all the fingerprint keys you want to avoid being synced.

In addition, you can delete the keys from Hockeypuck (PostgreSQL database). 

A key can be deleted from the SQL database in the following way:

- Query the pks interface for the offending key, get the hash fingerprint from Hockeypuck;

- Connect to Postgresql via psql

-select rfingerprint from keys where md5 in (<HASHFINGERPRINT>);

- The returned rfingerprint can be used to delete  to delete the subkeys

delete from subkeys where rfingerprint in (<RFINGERPRINT>);

- When all subkeys are deleted.

- delete from keys where md5 in (<HASHFINGERPRINT>)

Don't forget to add the key in blacklist:

[hockeypuck.openpgp]
blacklist=[
  "KEYFINGERPRINT"]

I hope this helps.

Blacklists -> https://github.com/hockeypuck/hockeypuck/releases

On Fri, May 27, 2022 at 6:09 AM Allen Zhong <allen@atr.me> wrote:

Maybe it would be possible for the server to maintain some sort of a
"block list" and reject to receive those keys in the list and also not
returning them to the client? I think that's possible but as it requires
changes of the server software (hockeypuck and sks-server, etc.) it's
not likely to be a quick one.

On 2022/5/27 11:01, Ced wrote:
> If anyone has an idea to prevent the collapse of the few remaining SKS
> keyservers, please let us know otherwise we'll have to take down our
> server too pretty soon :(

--

--                   Alexandre Dulaunoy (adulau) -- http://www.foo.be/
--                             http://www.foo.be/cgi-bin/wiki.pl/Diary
--         "Knowledge can create problems, it is not through ignorance
--                                that we can solve them" Isaac Asimov