Re: [Sks-devel] Blacklisting Keys
From: Olaf Gellert
Subject: Re: [Sks-devel] Blacklisting Keys
Date: Wed, 25 Feb 2004 21:53:06 +0100

Sacha J. Bernstein wrote:
> I don't know much about the gossip protocol and all that, so how hard
> would something like this be:
>
> As an admin, I can blacklist keys. My server will delete those keys,
> and never ever fetch them from other servers. It will never accept them
> in email syncs either. I sign my blacklist with my key, and make it
> available to other admins.

I can imagine that deletion of the keys would cause
problems with the sync-protocols, because keys change
(new UIDs, new signatures, new photo-IDs). But I am
not sure.

> I trust 6 other admins on the sks network. I fetch their signed
> blacklists daily. If 2 or more admins that I trust, other than myself,
> have blacklisted any key, then my server will ignore it as if I had
> blacklisted it myself.
>
> The idea is that I don't want one or two rogue admins disabling a bunch
> of keys for me, so I can choose who I trust, and still require multiple
> people to agree before I throw away keys automatically (without listing
> them myself).
>
> Blacklists could just be distributed by HTTP (or SMTP, or just about
> anything else.) They don't even need to be made by server admins, but
> that's convenient at the moment.
>
> Comments? This can't be a new idea. Does anyone know why this hasn't
> been implemented before? Is this a bad idea?

Hmmm... I think a complete black-list-sync-protocol
is a little bit of an overkill. On the other hand:
We have been running a (HKP) keyserver for years and
we often get requests from users to remove
their keys. I am still not sure what to do in these
cases (until now I cannot delete the keys so it is
definitely their problem). Someone who wants a key
to be deleted but cannot prove that it is his key
(because he has lost the passphrase)... What if he
shows me his passport (so he proves that he has the
name that's in the userid of the key)? Key removal is
as difficult as leaving a bad key on the servers,
both have some advantages and disadvantages...

Olaf
--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Consultant, Consulting GmbH
Phone: (+49) 0700 / PRESECURE address@hidden
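
The quorum rule proposed in the quoted message (a key is dropped when the local admin lists it, or when two or more trusted admins other than the local one list it), as an added example that is not part of the original thread or of SKS. It assumes every list has already been signature-verified and is plain text with one fingerprint per line; the list format, admin names and fingerprints are constructed for illustration.

```python
from collections import Counter

def normalize(fpr):
    """Canonical form: uppercase hex, no spaces, no 0x prefix."""
    fpr = fpr.strip().replace(" ", "").upper()
    return fpr[2:] if fpr.startswith("0X") else fpr

def parse_blacklist(text):
    """One fingerprint per line; '#' comments and blank lines are ignored."""
    keys = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            keys.add(normalize(line))
    return keys  # a set, so a repeated entry is one vote per admin

def effective_blacklist(own, peer_lists, trusted, me, quorum=2):
    """Own list plus keys listed by at least `quorum` trusted peers."""
    votes = Counter()
    for admin, text in peer_lists.items():
        # The local admin and untrusted publishers never count toward quorum.
        if admin == me or admin not in trusted:
            continue
        votes.update(parse_blacklist(text))
    agreed = {key for key, n in votes.items() if n >= quorum}
    return parse_blacklist(own) | agreed

# Constructed sample data (hypothetical admins and fingerprints).
K1, K2, K3, K4 = ("A" * 40, "B" * 40, "C" * 40, "D" * 40)
TRUSTED = {"alice", "bob", "carol"}
PEERS = {
    "alice": f"{K1}\n{K2}\n{K2}  # listed twice, still one vote\n",
    "bob": f"0x{K1.lower()}\n{K3}\n",
    "carol": "# empty list\n",
    "mallory": f"{K2}\n{K3}\n",   # not in TRUSTED, so ignored
    "me": f"{K2}\n",              # mirrored copy of the local list, ignored
}

def demo():
    return effective_blacklist(f"{K4}\n", PEERS, TRUSTED, me="me")

if __name__ == "__main__":
    for key in sorted(demo()):
        print(key)
```

Only K1 (listed by two trusted admins) and K4 (listed locally) end up blocked; K2 and K3 each have a single trusted vote, so one admin or an untrusted publisher cannot remove a key alone.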