Re: [Sks-devel] The pool is shrinking

[Hendrik Visage]

> On 16 Aug 2019, at 23:29 , Stefan Claas <address@hidden> wrote:
> 
> Hendrik Visage wrote:
> 
>> SKS network contains *PUBLIC* keys. It’s purpose, is to PUBLICLY make your
>> communications, signed/etc. with the associated *private* key, by directed to
>> you and associated with you to proof that it was *you* that
>> signed/produced/etc. that piece of communication. That purpose would be to
>> know that the communication was not forged as you, and thus people can take
>> that piece of communications as being your words spoken and trusted as it was
>> not somebody else faked you. It is also a mechanism that you can receive
>> communications, meant only for your eyes (I meant *private* key :) )that
>> nobody else can decode (given they’ve not compromised your private key).
>> 
>> The fact that the SKS network had been and probably will still be
>> abused/DoSed/etc. we can’t deny, but once people becomes silly, as I see this
>> whole GDPR discussions have been, I have but one set of advice: Either you
>> fix it, or you get out of the SKS server network… let those that run the SKS
>> servers have the pains/legal battles/etc. when they are attacked by the GDPR
>> enforcers, we’ll fight that battle, no need to make our lives worse off if
>> you can’t add positive value…
>> 
>> Yours enjoying his pop-corn reading these debates
> 
> O.k. let's forget for a moment the GDPR.
> 
> Would you or any other SKS operator in 2019 agree that a person should
> have the right that his / her public key can be removed from the SKS
> network if he / she asks for?

The method to do that, is to have a valid period, and then before the valid 
period expires, the user can resign a new
key with the old key, or he/she/they/them/whatever could just let that expire.

The user that want that key to be removed, either doesn’t understand the 
principles/ideas of the need/use for the
PUBLICLY available public keys, or is hiding something that they shouldn’t have 
done in the first place.

> An example: You have children and you recommend as an privacy advocate
> and parent that your minors should use PGP.

> A nasty classmate signs your daughters pub key with bad things. Teenagers
> usually smarter than their parents may not handle such a situation well,
> like us old PGP farts.

Well, the   “bad” things, and the “sign” is a method to prosecute (with quite a 
high confidence level) the guilty party
to the point where the punishment should be a deterrent enough for future 
bullies to be fearful of.

The specifics is (a) an indication of a badly educated bully, and (b) a bad 
family structure of the victim (Personal points of views and beliefs)
that gets worsened by the facts that the guilty aren’t properly punished, (We 
have police states, but the criminals have more rights than the civilians
that can’t even protect themselves against the perpetrators with enough force 
to deter the perpetrators ;( )

Things like GDPR are nice “laws”, but a toothless setup other than a monetary 
slap on the wrists for the big guys.

> Please explain in 2019 to you friends, wishing to learn secure email
> communications, that they should use PGP, while everybody can sign
> their pub key with arbritary  (and illegal) data, thanks to SKS.

The signature is a indication of who knows you, and SKS is a mechanism, not the 
only mechanism to setup a web of trusts

> They will for sure show you a stinking finger.

You aren’t forced to be part of, nor use, the SKS.

> A public key in 2019 does not mean that it can be used for nasty
> things, while a public key holder can not defend him  / her self!

I may have an outer wall that get’s grafiti all the time… I can’t protect that 
every single minute of the day…
but I can proof it is my home given the fact that only I have a set of keys 
that will open the (full of grafiti) garage door!!

that public key’s “signing” is the perpetrator that acknowledges it’s my key, 
even if/when he/she/they/them/whatever
put horrible things on it, they are still the ones that can be shown as the 
ones that did it…

> May I ask why you SKS operators did not implemented GnuPG's
> feature the --no-modifiy flag? It is not a brand new feature …

Perhaps as it’s not running GnuPG/pgp inside the SKS key servers ;)
SKS is just a mechanism to share (decentralized) a blob of data with a random 
number ID


— Hendrik

signature.asc
Description: Message signed with OpenPGP