Re: [Sks-devel] Blacklisting Keys

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Blacklisting Keys

From:	Olaf Gellert
Subject:	Re: [Sks-devel] Blacklisting Keys
Date:	Wed, 25 Feb 2004 21:53:06 +0100

Sacha J. Bernstein wrote:

I don't know much about the gossip protocol and all that, so how hardwould something like this be:
As an admin, I can blacklist keys. My server will delete those keys,and never ever fetch them from other servers. It will never accept themin email syncs either. I sign my blacklist with my key, and make itavailable to other admins.


I can imagine that deletion of the keys would cause
problems with the sync-protocols, because keys change
(new UIDs, new signatures, new photo-IDs). But I am
not sure.

I trust 6 other admins on the sks network. I fetch their signedblacklists daily. If 2 or more admins that I trust, other than myself,have blacklisted any key, then my server will ignore it as if I hadblacklisted it myself.
The idea is that I don't want one or two rogue admins disabling a bunchof keys for me, so I can choose who I trust, and still require multiplepeople to agree before I throw away keys automatically (without listingthem myself).
Blacklists could just be distributed by HTTP (or SMTP, or just aboutanything else.) They don't even need to be made by server admins, butthat's convenient at the moment.
Comments? This can't be a new idea. Does anyone know why this hasn'tbeen implemented before? Is this a bad idea?

Hmmm... I think a complete black-list-sync-protocol
is a little bit of an overkill. On the other hand:
We have been running a (HKP) keyserver for years and
we are oftenly getting requests from users to remove
their keys. I am still not sure what to do in these
cases (until now I cannot delete the keys so it is
definitely their problem). Someone who wants a key
to be deleted but cannot prove that it is his key
(because he has lost the passphrase... What if he
shows me his passport (so he proves that he has the
name thats in the userid of the key). Key removal is
as difficult as letting a bad key on the servers,
both have some advantages and disadvantages...

Olaf



--
Dipl.Inform. Olaf Gellert                  PRESECURE (R)
Consultant,                              Consulting GmbH
Phone: (+49) 0700 / PRESECURE           address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Sks-devel] Displaying user images on index page, (continued)
- Re: [Sks-devel] Displaying user images on index page, Sacha J. Bernstein, 2004/02/25
  - Re: [Sks-devel] Displaying user images on index page, Chris Kuethe, 2004/02/25
    - Re: [Sks-devel] Displaying user images on index page, Yaron Minsky, 2004/02/25
    - [Sks-devel] Blacklisting Keys, Sacha J. Bernstein, 2004/02/25
    - Re: [Sks-devel] Blacklisting Keys, Olaf Gellert <=
    - Re: [Sks-devel] Blacklisting Keys, Yaron M. Minsky, 2004/02/25
    - Re: [Sks-devel] Blacklisting Keys, Olaf Gellert, 2004/02/26
    - Re: [Sks-devel] Displaying user images on index page, Olaf Gellert, 2004/02/25
    - Re: [Sks-devel] Displaying user images on index page, David Shaw, 2004/02/25
    - Re: [Sks-devel] Displaying user images on index page, Thomas Sjögren, 2004/02/25

Prev by Date: Re: [Sks-devel] Displaying user images on index page
Next by Date: Re: [Sks-devel] strange behavior with empty database
Previous by thread: [Sks-devel] Blacklisting Keys
Next by thread: Re: [Sks-devel] Blacklisting Keys
Index(es):
- Date
- Thread