[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Re: Delete key from keyserver
|
From: |
news |
|
Subject: |
Re: [Sks-devel] Re: Delete key from keyserver |
|
Date: |
Wed, 8 Sep 2010 07:09:51 +0000 |
I'm out travelling, so just throwing out some food for thoughts that I can
elaborate on later. Please excuse spelling errors, as I'm typing on my BB.
Personally I'n not in favor of hastily adding a deletion method , as it has
several major implications, but I much appreciate the discussion and agree it
is good to have it well thought out in case of an 'attack' ( misuse of the
intent of the sks network ).
The first issue is obviously a situation where a key owned by A is comprimised
and subsequently revoked. User B, that got hold of a copy of user As private
key now request a deletion of the key. If the server administrator indulge this
request, user B now re-upload the non-revoked key or submit this directly to
counterparties, that won't get the appropriate revocation certificate.
Another issue is on the server level of sks. Addition of a deletion token
would, by my thoughts, result in a fragmentation of sks servers intu closer
clusters. You would require a much greater degree of trust between the server
operators in order to avoid misuse, and so effectively redusing the number of
peers for each server, but as well limit the servers the peer would be
'permitted' to recon with in order to be in the cluster.
Granted this could be mitigated if only 'trusted introducers' (TI) are able to
add deletion tokens ( but as long as the protocol is open, this, itself, would
require a lot of thought on implementation. E.g by adding an element to the key
to be deleted that is signed by the TI.
Kristian Fiskerstrand
Sent from my BlackBerry® wireless device
-----Original Message-----
From: Yaron Minsky <address@hidden>
Sender: address@hidden
Date: Tue, 7 Sep 2010 23:27:00
To: Jeff Johnson<address@hidden>
Reply-To: address@hidden
Cc: <address@hidden>; Sebastien<address@hidden>; Ari
Trachtenberg<address@hidden>
Subject: Re: [Sks-devel] Re: Delete key from keyserver
_______________________________________________
Sks-devel mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/sks-devel
- Re: [Sks-devel] Re: Delete key from keyserver, Jeff Johnson, 2010/09/07
- Re: [Sks-devel] Re: Delete key from keyserver, Yaron Minsky, 2010/09/07
- Re: [Sks-devel] Re: Delete key from keyserver, Jeff Johnson, 2010/09/07
- Re: [Sks-devel] Re: Delete key from keyserver, Yaron Minsky, 2010/09/07
- Re: [Sks-devel] Re: Delete key from keyserver, news, 2010/09/08
- Re: [Sks-devel] Re: Delete key from keyserver,
news <=
- Re: [Sks-devel] Re: Delete key from keyserver, Yaron Minsky, 2010/09/08
- Re: [Sks-devel] Re: Delete key from keyserver, Kiss Gabor (Bitman), 2010/09/08
- Re: [Sks-devel] Re: Delete key from keyserver, Johan van Selst, 2010/09/08
- Re: [Sks-devel] Re: Delete key from keyserver, Alexander B. Schmidt, 2010/09/08
- Re: [Sks-devel] Re: Delete key from keyserver, Jeff Johnson, 2010/09/08
- Re: [Sks-devel] Re: Delete key from keyserver, Jeff Johnson, 2010/09/08
- Re: [Sks-devel] Re: Delete key from keyserver, Jeff Johnson, 2010/09/08
Re: [Sks-devel] Re: Delete key from keyserver, Robert J. Hansen, 2010/09/07