On 01/16/2018 09:20 AM, Robert J. Hansen wrote:
>> should not be viewed as "discussing a [...] nightmare scenario",
>
> I am darkly amused at someone who has not done the research into what
> the nightmare scenario *is* telling me that it's not a nightmare scenario.
>
> The nightmare scenario is malcontents realize the keyserver network is a
> multijurisdictional, redundant, distributed database from which data
> cannot be deleted... and decide this makes it an ideal way to distribute
> child porn. The moment that happens, the keyserver network goes down
> hard as every keyserver operator everywhere gets exposed to massive
> criminal liability.
>
> We've known about it for several years. We've been thinking about how
> to counter it for several years. It turns out that countering it is a
> *really hard job*. If you make it possible to delete records from a
> keyserver, you open the door to all kinds of shenanigans that
> governments could force keyserver operators to do on their behalf.

I think this may be the reason why others than you are much more optimistic than you about all this: I don't think we are considering this scenario, only the much more restricted case of “I want to remove information associated with my private key”. In which case there is no need of trusted introducers who would be allowed to moderate data, or anything like this: the owner of the key could just sign the deletion token with the said key.

Handling network-wide censorship of information published is a much harder scenario, as the network was designed to be censorship-resistant. And it looks like a nice property we would want to keep at network-level in my opinion, though in order to accommodate local jurisdictions keyserver operators could maybe want not to store e.g. photo IDs or the like -- just like if I understand correctly the case of someone suing to get his key removed from keyservers led to the addition of an option for keyserver operators to refuse syncing certain keys.

That said, I did read your “To implement this would require a completely new keyserver implementation, […]”; this message was just to maybe cast some light on why some people look much more optimistic about this than you are.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
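
The owner-signed deletion token suggested in the reply above, sketched as an added example that is not part of the original message or of any existing keyserver: the server accepts a deletion only when the signature verifies against the stored key the token names, so no moderator or trusted introducer is consulted. Assumptions: raw Ed25519 keys stand in for OpenPGP keys, and the `Keyserver` type, the token format, the SHA-256 fingerprint and all function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Keyserver is a toy store mapping fingerprint to public key (hypothetical).
type Keyserver map[string]ed25519.PublicKey
const tokenPrefix = "keyserver-delete-v1:" // constructed format: purpose label + fingerprint

// Fingerprint is a stand-in (SHA-256 of the raw key), not an OpenPGP fingerprint.
func Fingerprint(pub ed25519.PublicKey) string {
	return fmt.Sprintf("%x", sha256.Sum256(pub))
}

// SignDeletion is what the key owner runs; no third party is involved.
func SignDeletion(priv ed25519.PrivateKey, fpr string) []byte {
	return ed25519.Sign(priv, []byte(tokenPrefix+fpr))
}

// Delete honours a token only if the stored key it names verifies it.
func (ks Keyserver) Delete(fpr string, sig []byte) error {
	pub, ok := ks[fpr]
	if !ok || !ed25519.Verify(pub, []byte(tokenPrefix+fpr), sig) {
		return fmt.Errorf("rejected: token not signed by key %.8s", fpr)
	}
	delete(ks, fpr)
	return nil
}

// NewOwner makes a throwaway key pair (constructed demo data).
func NewOwner() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	pub, priv := NewOwner()
	_, otherPriv := NewOwner()
	fpr := Fingerprint(pub)
	ks := Keyserver{fpr: pub}
	fmt.Println("non-owner:", ks.Delete(fpr, SignDeletion(otherPriv, fpr)))
	fmt.Println("owner:", ks.Delete(fpr, SignDeletion(priv, fpr)))
}
```

This covers only removal requested by the key's own holder; it does nothing for the network-wide case described in the quoted message.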