Re: [Sks-devel] Fake keys and removal thereof

[John Clizbe]

NimbleSec SKS Admin wrote:
> Hi all,
> 
> I have a couple of quick noobish questions...
> 
> I noticed this tweet:
> https://twitter.com/abditum/status/352271467196588035
> 
> It refers to a key retrieved from pgp.mit.edu that the keyserver is
> not allowing removal of.   I noticed it was also available from
> sks.pkqs.net, but didn't check any others...  Does SKS allow removal
> by default, and is this the likely reason I can't look up the key in
> question (keyID 51BB85A2) on my own server--or has it simply not been
> gossiped to me yet?

Allow removal? Yes, but it is a Sisyphean task for any server connected to the
SKS mesh. The dropped key will be replaced as soon as your server recons with
any peer.

Not gossiped? Highly unlikely for a key 10 days old. Are you prefixing the key
ID with 0x? You need to do so for key IDs.

I find the key on both of my internet facing servers:

http://yogi:11371/pks/lookup?search=0x8320d7a551bb85a2&fingerprint=on&op=index

http://booboo:11371/pks/lookup?search=0x8320d7a551bb85a2&fingerprint=on&op=index

> Aside from asking the keyservers to remove a fraudulent key, is there
> any other recourse for someone in this kind of situation?

None. And asking for a key to be removed is pointless. The keyservers were
never designed for removing key material. This is an intentional feature.

It's been discussed quite a bit on this list and also on gnupg-users and
gnupg-devel.

-- 
John P. Clizbe                      Inet: John (a) Gingerbear DAWT net
SKS/Enigmail/PGP-EKP                  or: John ( @ ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:address@hidden

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

signature.asc
Description: OpenPGP digital signature