Re: [Sks-devel] IPv6 peering; keydumps annoyingly large


From: Phil Pennock
Subject: Re: [Sks-devel] IPv6 peering; keydumps annoyingly large
Date: Wed, 1 Jun 2011 15:10:01 -0400

On 2011-06-01 at 09:39 -0400, Robert J. Hansen wrote:
> At risk of pointing out the obvious, you've just added to the
> keyserver network a way to delete keys and keep them from getting
> re-entered into the DB.

Not quite: it's added a way for each individual keyserver operator to
delete keys from their server; the ability to remove the fingerprint
filter is unlikely to be used as long as some keyserver operators keep
all keys, which I expect to happen.

*If* there were *also* a way to distribute a "kill key" command, signed
by a "trusted" key, *then* you'd have the control which you're concerned
about.  I do acknowledge though that this gets us half-way towards that
state.

Note that we've already lost one valued keyserver operator in Germany
because he was unable to comply with a privacy request from a user to
delete their key and he, quite reasonably, did not want to be sued, so
shut down.

> This is exactly what the keyserver network is meant to avoid.  If
> that's possible, the keyserver system will have failed.

Hrm, I thought the primary goal was to be a convenient way to get keys.
Note that keys can be retrieved in various ways, not just from
keyservers, and keys can include URLs from which updates should
preferentially be fetched.  Those concerned about censorship have ways
around keyserver network compromise.

I'm happy running a free service to others, providing a reasonably
complete set of keys; but if you start making assertions about what the
keyserver network stands for, please point me to the manifesto which I'm
supposed to have signed up for as a keyserver operator, else kindly
refrain from speaking for others.

-Phil


