Re: [Sks-devel] The pool is shrinking


From: stuff
Subject: Re: [Sks-devel] The pool is shrinking
Date: Fri, 16 Aug 2019 20:27:21 +0200

I guess we will have to agree to disagree, I don't think we will get any further 
with this.
I fully support the GDPR as do a lot of people in the EU.

You have made it clear where you stand as I have.

Still not sure what Australia has to do with the EU and the GDPR though?

But I do know that the backdoor law implemented in Australia is part of the 5 
eyes program which the US is part of and mostly spearheads these operations as 
it does in the UK as well. America is certainly not a budding example of 
privacy!


Just one correction: keys.openpgp.org is fully GDPR compliant for those in the 
EU.

Kind Regards

Yakamo

On Fri, 16 Aug 2019 11:42:31 -0600
Ryan Hunt <address@hidden> wrote:

> SKS is still resilient to anyone wiping out all references to my public key
> and replacing with their own for a man in the middle attack, you can go
> check multiple servers and compare keys against each other.. I can check
> keys in my local keystore or transmitted via other means against what's in
> SKS, it's also resilient to keys being removed to prevent verifying data
> signed long ago.. none of that has changed, you can attack the whole
> network but its integrity is still intact when it comes back up..
> 
> Its role as a decentralized, tamper resistant key storage solution is still
> vital, and I would love it if we had the development going on to address
> the stability issues, but that's simply not the case at this point in time
> and until the actual integrity of the data the SKS network serves is
> compromised there is no need for its death.. yes there are alternatives,
> but those won't force enforcement of your precious GDPR, I can host all the
> same keys any way I want and ignore all your requests for removal just the
> same so your argument attacking SKS specifically is moot.
> 
> > Also do you think it's good Mr Hunt that data can be uploaded onto these
> > servers such as people's personal information without consent? This has
> > happened to a lot of people. And yet no one is interested in addressing
> > this!
> I've proposed solutions to simply add more sanity/validation checks to make
> sure keys are actual valid keys and limiting the overall size of keys to
> prevent abuse, but overall I'm not terribly concerned.. there's a billion
> places to make information public on the internet that is entirely out of
> reach of your local authorities, SKS is a rather ineffective means of making
> information public since practically nobody is looking at the dataset as a
> whole and are only querying information directly, and almost always
> automated.. You are basically Gaslighting at this point.
> 
> > And are you against the GDPR?
> Correct, the GDPR would be ruled unconstitutional in a heartbeat if someone
> tried to implement it here.
> 
> > Do you even know what the GDPR covers?
> Yes, quite well.. I unfortunately work with many forms of Digital
> Compliance in my industry.
> 
> > what has Australia got to do with this?
> Just another example of the road to hell is paved with good intentions..
> It's a slippery slope you guys are already sliding down.. I can only think
> of one operator that was forced to shut down for being liable for data
> others posted publicly, and that was an Australian operator.. long before
> the GDPR was drafted.. and nothing was accomplished, the data they tried to
> take out of the public sphere still exists.. again SKS worked as designed,
> the government was unable to stop the distribution of that data.. and it's
> still accessible, even within Australia.
> 
> > and where are you from Mr Hunt? America?
> Yes, Colorado to be precise if you need to figure out what court to waste
> your time with.
> 
> > There's plenty why you claim none I'm not sure, maybe we should test this
> > theory of yours?
> Go for it, I am completely willing to face any government and the resulting
> consequences to protect the integrity and availability of public
> cryptography, if my government were to ever insist on compromising it again
> in the future I would make it my mission to distribute the tools and spread
> awareness despite any legal ramifications or any moral perspective, yeah I
> might be assisting terrorists, child abusers, and other boogiemen; but
> that's the price of cryptographically secure communications. The EU can
> bring it on for all I care, this is a hill I'm fully prepared to die on,
> and have been for a while.. I advocated for and distributed the tools 30
> years ago when strong crypto was illegal to export from the United States,
> and eventually we won that battle of attrition.
> 
> -R
> 
> 
> 
> On Fri, Aug 16, 2019 at 10:12 AM <address@hidden> wrote:
> 
> > On Fri, 16 Aug 2019 09:12:30 -0600
> > Ryan Hunt <address@hidden> wrote:
> >
> > > Yakamo,
> > > it still does its job of ensuring published keys are not tampered with, it
> > > was not designed to be resilient to denial attacks.. That does not
> > > interfere with the trust of PGP, it's why there are local keystores.. and
> > > the SKS network is still around despite being unreliable/broken from a
> > > maintenance standpoint.. your poisoned keys are not altering other
> > > individuals' keys in any way/shape/form, so its security has not been
> > > compromised.. availability of keyservers is not critical to the use of PGP,
> > > again by design.. there are many ways to distribute keys, it is resilient
> > > factually despite your opinions.. over the decades the need has not been
> > > lost.
> > >
> >
> > That's correct it's not designed to be resilient to denial attacks, making
> > it unreliable as stated before! which means it's not resilient to
> > governments at all! This statement stands true. Now it barely fulfils its
> > basic functions! the amount of posts littered over the internet about how
> > people can't pull a key from the servers or unable to upload them. There are
> > constant outages!
> >
> > There are alternatives and they work! sks doesn't!
> >
> > It's not the design or the attacks that's for me personally and others
> > distrustful it's the closed-minded approach to how vulnerabilities are
> > handled, both people from the GnuPG community and SKS have attacked people
> > for what's considered normal practice when it comes to disclosure of
> > vulnerabilities and bugs. "stay quiet and hope nothing happens" or "you're
> > attacking us because you pointed out something wrong with our software" is
> > not a good way to deal with things!
> >
> > Also do you think it's good Mr Hunt that data can be uploaded onto these
> > servers such as people's personal information without consent? This has
> > happened to a lot of people. And yet no one is interested in addressing
> > this!
> >
> > > You could not be more wrong about GnuPG, and it shows.. do you even work in
> > > the industry? Because where I sit, with over 54 million devices on my
> > > network.. PGP is one of the most trusted security tools we use, all of our
> > > software is signed by PGP, config files are signed by PGP, internal
> > > correspondence signed by PGP.. You are the only person in the world
> > > claiming GnuPG has lost its trust and you can write all the blog posts you
> > > want but your opinion means nothing to me, and the rest of the industry..
> > > Snowden and all the other security industry's rock stars still fully
> > > advocate the use of PGP despite your feeble attacks.
> >
> > Are we really comparing "network" size?
> >
> > I didn't say it was not in demand or general use in the security
> > community! or unpopular!
> > Although I come across very few people who actually use it these days and
> > who are not middle aged. Even FreeBSD stopped using it who knows how long
> > ago for signing packages.
> >
> > Likewise your opinion holds no value to me either.
> >
> >
> > > So to answer your questions:
> > > 1. Currently, it's the only option until something better comes along.
> >
> > Keybase and Hagrid or self hosting your gpg key, plenty of options.
> >
> > > 2. There are absolutely none, but you seem to be beyond reason on this
> > > point so I digress.
> >
> > There's plenty why you claim none I'm not sure, maybe we should test this
> > theory of yours?
> >
> > > 3. This is entirely arbitrary, not everyone has to share your perspective..
> > > Most of the industry rallied against the GDPR, if anything the EU/Australia
> > > has become the laughing stock of the cryptography world.. you guys would
> > > give up master keys and implement backdoors to your government in exchange
> > > for a cookie and a pat on the back.
> >
> > Of course big companies rallied against the GDPR, it gives users their
> > privacy back again!
> > This messes with their business model!
> >
> > And are you against the GDPR?
> > Do you even know what the GDPR covers?
> >
> > what has Australia got to do with this?
> >
> > and where are you from Mr Hunt? America?
> >
> > Kind Regards
> >
> > Yakamo
> >
> >
> > --
> >
> >

