Re: [Sks-devel] The pool is shrinking

[Ryan Hunt]

Yakamo, 

it still does its job of ensuring published keys are not tampered with, it was not designed to be resilient to denial attacks.. That does not interfere with the trust of PGP, its why there are local keystores.. and the SKS network is still around despite being unreliable/broken from a maintenance standpoint.. your poisoned keys are not altering other individuals keys in any way/shape/form, so its security has not been compromised.. availability of keyservers is not critical to the use of PGP, again by design.. there are many ways to distribute keys, it is resilient factually despite your opinions.. over the decades the need has not been lost.

You could not be more wrong about GnuPG, and it shows.. do you even work in the industry? Because where I sit, with over 54 million devices on my network.. PGP is one of the most trusted security tools we use, all of our software is signed by PGP, config files are signed by PGP, internal correspondence signed by PGP.. You are the only person in the world claiming GnuPG has lost its trust and you can write all the blog posts you want but your opinion means nothing to me, and the rest of the industry.. Snowden and all the other security industry's rock stars still fully advocate the use of PGP despite your feeble attacks. 

So to answer your questions:

1. Currently, its the only option until something better comes along.

2. There are absolutely none, but you seem to be beyond reason on this point so I digress. 

3. This is entirely arbitrary, not everyone has to share your perspective.. Most of the industry rallied against the GDPR, if anything the EU/Australia has become the laughing stock of the cryptography world.. you guys would give up master keys and implement backdoors to your government in exchange for a cookie and a pat on the back.

-Ryan

On Fri, Aug 16, 2019 at 8:08 AM <address@hidden> wrote:

Once again pointing out the obvious that everyone is avoiding.

The keyservers don't have any mechanisms as required by the GDPR to remove data.

So once again if you load up someone else's personal data with out permission the servers instantly break the law due to the lack of those mechanisms. This is the simplest one to point out, Among many other issues. There is no exemption to this one at all!!!

Hansen its 2019 not 1990 and you need to evolve your thinking beyond your own personal interests! Do you think the GDPR is a bad thing? Do you think people having the right to better privacy is bad? from your resent responses you obviously do, strange attitude considering your interest in privacy????

-----------------------

>Its about pretty good privacy, not perfect privacy.. by design w/PGP and
>SKS, public keys are designed to be public, and not private.. in order to
>keep the private part secure, allowing people to arbitrary purge public
>data entirely undermines the entire thing.

And to Ryan, poor response! Also the world changes and laws change and peoples views of what is right and wrong change. And that's exactly what has happened especially in Europe! The sks keyservers where designed in the 1990s, its not 1990 any more. People think differently about privacy now. Hagrid or Keybase have solved issues for a majority of people.

It does not undermine it at all, this model is broken and its being laughed at by the entire tech community. Oh and it was never resilient to government interference that was just a fallacy which has been push right into the spot light. a single person or group just bitched slapped the sks keyservers recently with an attack, all it takes is someone to persist with a real attack and those are gone! NO RELIABLITIY, NO RESILIANCE....NO USE!!

-------------

The SKS Keyservers have brought a very bad light on GnuPG and other related projects, trust for most is low or gone in these projects, and people like Hansen and his approach to it has really not helped at all. Kristian meanwhile the maintainer remains quiet, not even making any attempts to suggest shutting down the servers or archiving the software.

The important Questions here for admins is :

Do you want to continue to:

1. Run broken and unreliable software?
2. Risk legal consequences?
3. be the laughing stock of modern security?

Kind regards

Yakamo


On Fri, 16 Aug 2019 08:41:53 +0200 (CEST)
Steffen Kaiser <address@hidden> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thu, 15 Aug 2019, Stefan Claas wrote:
>
> > And has Mr. Rude then the right to freely distribute this data, without
>
> "this data" => SKS stores private data, which are public by design and in
> consens with the uploader, Art5 (1) a) and b)
> Those dumps are used to full fill the purpose, intended by the SKS network
> and intended to be processed by the uploader
> The SKS servers fullfill the well-known purpose of making these data
> available publically.
>
> > protecting it, to the whole world? If that is the case then EU citizens
> > having 'business' with the US can do the same with US citizens data.
>
> Yes, you, personally, can dump the *SKS* database and make it available
> yourself as well.
>
> - --
> Steffen Kaiser
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEVAwUBXVZQMiOjcd6avHZPAQIviQf/a9EjsJQUCZCILEdZTY+YuxFnjeJx+CDc
> +9X3d52NLeYp8mBQFdRLSNMsBneDqHye+e7QFjcyE1R7aOgEe1/Cawzht7h8Fuu8
> gs1ijA/l/Hdc0sy7uxBuEWA/mSrnyldwaxnNvInRz1GvDuxcmw48y74d20Gn/L8u
> JpnemKYjeF2CssQRjN//kEJGweNMsVpuGjLSTSxJDigp0AFXXGBWsL4wyJv4BcPB
> dpvsJ8tre7iyJoJVugT20oLs4V4EAAmKSCXDyJr1oJFtCdda6q8ii523QkEfb8hD
> /aL3pJdAsxUz9WtHwTu0qrqEKPMkZqYaWPu7+hbrMlOTqj+4yfafBg==
> =bwv8
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Sks-devel mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/sks-devel


--


_______________________________________________
Sks-devel mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/sks-devel