Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Stefan Claas
Hendrik Visage wrote:

> > On 16 Aug 2019, at 23:29 , Stefan Claas  wrote:

> > Please explain in 2019 to your friends, wishing to learn secure email
> > communications, that they should use PGP, while everybody can sign
> > their pub key with arbitrary (and illegal) data, thanks to SKS.
> 
> The signature is an indication of who knows you, and SKS is a mechanism, not
> the only mechanism to set up a web of trust

??? Mr. or Mrs. X signs my pub key, puts some 'funny stuff' on it, without
my knowledge and I should know these people? Or look at prominent people's
keys with lots of sigs, while the key holder does not sign back ... Do
you think that those prominent key holders know the signers, or could
it be the case that those are only fan sigs, bringing no weight to the
WoT?

> > They will for sure show you a stinking finger.
> 
> You aren’t forced to be part of, nor use, the SKS.

Correct. I recently saw that my current pub key was uploaded, while
I am no longer part of SKS. Others may think that I am still using
SKS. :-(
 
> > A public key in 2019 does not mean that it can be used for nasty
> > things, while a public key holder can not defend him / her self!
> 
> I may have an outer wall that gets graffiti all the time… I can’t protect
> that every single minute of the day… but I can prove it is my home given the
> fact that only I have a set of keys that will open the (full of graffiti)
> garage door!!
> 
> that public key’s “signing” is the perpetrator that acknowledges it’s my key,
> even if/when he/she/they/them/whatever put horrible things on it, they are
> still the ones that can be shown as the ones that did it…

??? Then please tell us who did the 'funny' sigs on Facebook's pub key.

> > May I ask why you SKS operators did not implement GnuPG's
> > feature the --no-modify flag? It is not a brand new feature …
> 
> Perhaps as it’s not running GnuPG/pgp inside the SKS key servers ;)

Mmmhhh ... and nobody liked to tackle this issue ...

> SKS is just a mechanism to share (decentralized) a blob of data with a random
> number ID

Yes, unfortunately.

Regards
Stefan





-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel


Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Stefan Claas
Ryan Hunt wrote:

> It's quite simple really, you sign a revocation of the key and create a new
> one, just like you'd do if you ever suspected your private key had been
> compromised.

Excuse me, I can't follow you (maybe a language barrier from my side).

If something nasty or bad sticks on my pub key people later can see
this, regardless if the key is revoked or not. They maybe simply assume
that the writing on my key is true? or false? because I can't get rid
of such nasty or false claims.

Like I said I can handle this as an old fart, but you can't expect this
from other people, new to the PGP/SKS ecosystem.

Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)



Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Hendrik Visage


> On 16 Aug 2019, at 23:29 , Stefan Claas  wrote:
> 
> Hendrik Visage wrote:
> 
>> SKS network contains *PUBLIC* keys. Its purpose, is to PUBLICLY make your
>> communications, signed/etc. with the associated *private* key, by directed to
>> you and associated with you to prove that it was *you* that
>> signed/produced/etc. that piece of communication. That purpose would be to
>> know that the communication was not forged as you, and thus people can take
>> that piece of communications as being your words spoken and trusted as it was
>> not somebody else faked you. It is also a mechanism that you can receive
>> communications, meant only for your eyes (I meant *private* key :) )that
>> nobody else can decode (given they’ve not compromised your private key).
>> 
>> The fact that the SKS network had been and probably will still be
>> abused/DoSed/etc. we can’t deny, but once people become silly, as I see this
>> whole GDPR discussions have been, I have but one set of advice: Either you
>> fix it, or you get out of the SKS server network… let those that run the SKS
>> servers have the pains/legal battles/etc. when they are attacked by the GDPR
>> enforcers, we’ll fight that battle, no need to make our lives worse off if
>> you can’t add positive value…
>> 
>> Yours enjoying his pop-corn reading these debates
> 
> O.k. let's forget for a moment the GDPR.
> 
> Would you or any other SKS operator in 2019 agree that a person should
> have the right that his / her public key can be removed from the SKS
> network if he / she asks for?

The method to do that, is to have a valid period, and then before the valid
period expires, the user can re-sign a new key with the old key, or
he/she/they/them/whatever could just let that expire.

The user that wants that key to be removed, either doesn’t understand the
principles/ideas of the need/use for the PUBLICLY available public keys, or is
hiding something that they shouldn’t have done in the first place.

> An example: You have children and you recommend as a privacy advocate
> and parent that your minors should use PGP.

> A nasty classmate signs your daughter's pub key with bad things. Teenagers
> usually smarter than their parents may not handle such a situation well,
> like us old PGP farts.

Well, the “bad” things, and the “sign” is a method to prosecute (with quite a
high confidence level) the guilty party to the point where the punishment
should be a deterrent enough for future bullies to be fearful of.

The specifics are (a) an indication of a badly educated bully, and (b) a bad
family structure of the victim (Personal points of views and beliefs) that gets
worsened by the facts that the guilty aren’t properly punished, (We have police
states, but the criminals have more rights than the civilians that can’t even
protect themselves against the perpetrators with enough force to deter the
perpetrators ;( )

Things like GDPR are nice “laws”, but a toothless setup other than a monetary
slap on the wrists for the big guys.

> Please explain in 2019 to your friends, wishing to learn secure email
> communications, that they should use PGP, while everybody can sign
> their pub key with arbitrary (and illegal) data, thanks to SKS.

The signature is an indication of who knows you, and SKS is a mechanism, not the
only mechanism to set up a web of trust

> They will for sure show you a stinking finger.

You aren’t forced to be part of, nor use, the SKS.

> A public key in 2019 does not mean that it can be used for nasty
> things, while a public key holder can not defend him / her self!

I may have an outer wall that gets graffiti all the time… I can’t protect that
every single minute of the day… but I can prove it is my home given the fact
that only I have a set of keys that will open the (full of graffiti) garage
door!!

that public key’s “signing” is the perpetrator that acknowledges it’s my key,
even if/when he/she/they/them/whatever put horrible things on it, they are
still the ones that can be shown as the ones that did it…

> May I ask why you SKS operators did not implement GnuPG's
> feature the --no-modify flag? It is not a brand new feature …

Perhaps as it’s not running GnuPG/pgp inside the SKS key servers ;)
SKS is just a mechanism to share (decentralized) a blob of data with a random
number ID


— Hendrik




Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Ryan Hunt
It's quite simple really, you sign a revocation of the key and create a new
one, just like you'd do if you ever suspected your private key had been
compromised.

-R

On Fri, Aug 16, 2019 at 3:29 PM Stefan Claas  wrote:

> Hendrik Visage wrote:
>
> > SKS network contains *PUBLIC* keys. Its purpose, is to PUBLICLY make your
> > communications, signed/etc. with the associated *private* key, by directed to
> > you and associated with you to prove that it was *you* that
> > signed/produced/etc. that piece of communication. That purpose would be to
> > know that the communication was not forged as you, and thus people can take
> > that piece of communications as being your words spoken and trusted as it was
> > not somebody else faked you. It is also a mechanism that you can receive
> > communications, meant only for your eyes (I meant *private* key :) )that
> > nobody else can decode (given they’ve not compromised your private key).
> >
> > The fact that the SKS network had been and probably will still be
> > abused/DoSed/etc. we can’t deny, but once people become silly, as I see this
> > whole GDPR discussions have been, I have but one set of advice: Either you
> > fix it, or you get out of the SKS server network… let those that run the SKS
> > servers have the pains/legal battles/etc. when they are attacked by the GDPR
> > enforcers, we’ll fight that battle, no need to make our lives worse off if
> > you can’t add positive value…
> >
> > Yours enjoying his pop-corn reading these debates
>
> O.k. let's forget for a moment the GDPR.
>
> Would you or any other SKS operator in 2019 agree that a person should
> have the right that his / her public key can be removed from the SKS
> network if he / she asks for?
>
> An example: You have children and you recommend as a privacy advocate
> and parent that your minors should use PGP.
>
> A nasty classmate signs your daughter's pub key with bad things. Teenagers
> usually smarter than their parents may not handle such a situation well,
> like us old PGP farts.
>
> Please explain in 2019 to your friends, wishing to learn secure email
> communications, that they should use PGP, while everybody can sign
> their pub key with arbitrary (and illegal) data, thanks to SKS.
>
> They will for sure show you a stinking finger.
>
> A public key in 2019 does not mean that it can be used for nasty
> things, while a public key holder can not defend him / her self!
>
> May I ask why you SKS operators did not implement GnuPG's
> feature the --no-modify flag? It is not a brand new feature ...
>
> Regards
> Stefan
>
> --
> box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
> GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)
>


Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Stefan Claas
Hendrik Visage wrote:

> SKS network contains *PUBLIC* keys. Its purpose, is to PUBLICLY make your
> communications, signed/etc. with the associated *private* key, by directed to
> you and associated with you to prove that it was *you* that
> signed/produced/etc. that piece of communication. That purpose would be to
> know that the communication was not forged as you, and thus people can take
> that piece of communications as being your words spoken and trusted as it was
> not somebody else faked you. It is also a mechanism that you can receive
> communications, meant only for your eyes (I meant *private* key :) )that
> nobody else can decode (given they’ve not compromised your private key).
> 
> The fact that the SKS network had been and probably will still be
> abused/DoSed/etc. we can’t deny, but once people become silly, as I see this
> whole GDPR discussions have been, I have but one set of advice: Either you
> fix it, or you get out of the SKS server network… let those that run the SKS
> servers have the pains/legal battles/etc. when they are attacked by the GDPR
> enforcers, we’ll fight that battle, no need to make our lives worse off if
> you can’t add positive value…
> 
> Yours enjoying his pop-corn reading these debates

O.k. let's forget for a moment the GDPR.

Would you or any other SKS operator in 2019 agree that a person should
have the right that his / her public key can be removed from the SKS
network if he / she asks for?

An example: You have children and you recommend as a privacy advocate
and parent that your minors should use PGP.

A nasty classmate signs your daughter's pub key with bad things. Teenagers
usually smarter than their parents may not handle such a situation well,
like us old PGP farts.

Please explain in 2019 to your friends, wishing to learn secure email
communications, that they should use PGP, while everybody can sign
their pub key with arbitrary (and illegal) data, thanks to SKS.

They will for sure show you a stinking finger.

A public key in 2019 does not mean that it can be used for nasty
things, while a public key holder can not defend him / her self!

May I ask why you SKS operators did not implement GnuPG's
feature the --no-modify flag? It is not a brand new feature ...

Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)



Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Hendrik Visage


> On 16 Aug 2019, at 22:45 , Stefan Claas  wrote:
> 
> O.k. I understand your point, but what I like to say is that I or anybody
> else can download a dump without running a key server. While running a
> key server requires a dump, it would be really nice if dumps are only
> available to a (trusted) pool of operators, as long as the current SKS
> model is still available on the Internet.

Well… here you’ll have to define “trusted”… Am I (being a South African with
SKS servers in South Africa, France, Canada & Singapore) being trustworthy
for a GDPR? Which of my servers may or may not peer with each other as a side
note? Now if I load a dump in France, may I peer with my RSA server? or should
I load the dump in RSA and peer with my France server? If I receive a GDPR take
down, does it only apply to my server(s) in France, or what if my RSA servers
are providing a VPN/TOR endpoint via a France server, is that also under the
GDPR?

The fact that the dumps exist, ACROSS THE GLOBE, makes any GDPR related
discussion IMHO a very moot point once the data have entered the SKS server
network.

It’s like unseeing a naked photo of a person… it’s just not “possible”.

I would echo what everybody should know and understand: a PUBLIC KEY is by 
definition *PUBLIC*, NOTHING PRIVATE about it… BY DEFINITION.

SKS network contains *PUBLIC* keys. Its purpose, is to PUBLICLY make your
communications, signed/etc. with the associated *private* key, by directed to
you and associated with you to prove that it was *you* that
signed/produced/etc. that piece of communication. That purpose would be to know
that the communication was not forged as you, and thus people can take that
piece of communications as being your words spoken and trusted as it was not
somebody else faked you. It is also a mechanism that you can receive
communications, meant only for your eyes (I meant *private* key :) )that nobody
else can decode (given they’ve not compromised your private key).

The fact that the SKS network had been and probably will still be
abused/DoSed/etc. we can’t deny, but once people become silly, as I see this
whole GDPR discussions have been, I have but one set of advice: Either you fix
it, or you get out of the SKS server network… let those that run the SKS
servers have the pains/legal battles/etc. when they are attacked by the GDPR
enforcers, we’ll fight that battle, no need to make our lives worse off if you
can’t add positive value…

Yours enjoying his pop-corn reading these debates

Hendrik







Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Stefan Claas
Andrew Gallagher wrote:

> 
> > On 16 Aug 2019, at 20:31, Stefan Claas  wrote:
> > 
> > You guys need a lot of brainstorming IMHO on how to improve the SKS
> > infrastructure to get back users.
> 
> I dunno, I’ve been brainstorming pretty hard on this list recently... :-p
> 
> > Maybe it would be a good idea to
> > get the hockeypuck author on board, because it is written in Golang
> > and I assume that there are more Golang programmers available to help
> > you guys out, compared to OCaml programmers.
> 
> The issue is less about the programming (or the programming language) and
> more about the protocol. If we had agreement on a replacement protocol then
> anyone reasonably competent could program it. I know of three SKS *protocol*
> implementations in the wild. Any or all of these could be upgraded to the new
> protocol - IFF we had a) broad agreement on what the new protocol was *for*,
> and b) a robust specification. 

I recently came across dkg's draft. (sorry I don't have a link currently handy)

Since he is a respected community member, at least in the GnuPG ML, maybe his
draft could be used as a reference, to come up with specs, discussed here,
which a programmer could make a software of. At least his draft could be used
as a guideline for discussions.

Regards
Stefan


-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)



Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Stefan Claas
Andrew Gallagher wrote:

> 
> > On 16 Aug 2019, at 19:48, Stefan Claas  wrote:
> > 
> > People, like me, do not
> > like the idea of sharing dumps to 3rd parties (hello GDPR), without our
> > consent.
> 
> There is no net difference between distributing a dump and peering with
> another sks server. I don’t understand why you keep going on about dumps and
> not peering. They are the same thing from a data protection POV. 

O.k. I understand your point, but what I like to say is that I or anybody
else can download a dump without running a key server. While running a
key server requires a dump, it would be really nice if dumps are only
available to a (trusted) pool of operators, as long as the current SKS
model is still available on the Internet.

Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)



Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Andrew Gallagher

> On 16 Aug 2019, at 20:31, Stefan Claas  wrote:
> 
> You guys need a lot of brainstorming IMHO on how to improve the SKS
> infrastructure to get back users.

I dunno, I’ve been brainstorming pretty hard on this list recently... :-p

> Maybe it would be a good idea to
> get the hockeypuck author on board, because it is written in Golang
> and I assume that there are more Golang programmers available to help
> you guys out, compared to OCaml programmers.

The issue is less about the programming (or the programming language) and more 
about the protocol. If we had agreement on a replacement protocol then anyone 
reasonably competent could program it. I know of three SKS *protocol* 
implementations in the wild. Any or all of these could be upgraded to the new 
protocol - IFF we had a) broad agreement on what the new protocol was *for*, 
and b) a robust specification. 

A


Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Andrew Gallagher

> On 16 Aug 2019, at 19:48, Stefan Claas  wrote:
> 
> People, like me, do not
> like the idea of sharing dumps to 3rd parties (hello GDPR), without our
> consent.

There is no net difference between distributing a dump and peering with another 
sks server. I don’t understand why you keep going on about dumps and not 
peering. They are the same thing from a data protection POV. 

A


Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Stefan Claas
st...@yakamo.org wrote:

> I was not aware of Mailvelope's keyserver, looks good!

Indeed! I just did a quick test and compared to Hagrid
my CA sig3 from Governikus is not stripped off. :-)

Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)



Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread stuff
I was not aware of Mailvelope's keyserver, looks good!

Yakamo

On Fri, 16 Aug 2019 21:31:55 +0200
Stefan Claas  wrote:

> Todd Fleisher wrote:
> 
> > I will also point out there is a movement amongst several major software
> > distributions that bring PGP support to the masses (especially as it relates
> > to email) that are migrating away from the SKS network in large part because
> > of this very issue (https://keys.openpgp.org/about/usage). And while there
> > are other use cases for the SKS network for sure, I believe the ongoing
> > issue where keys can be rendered un-importable by malicious third parties
> > without warning threatens its very existence and needs to be dealt with
> > before it’s too late.
> 
> You may check out also the new Mailvelope Key Server:
> 
> https://keys.mailvelope.com/
> 
> And don't forget keybase is growing fast:
> 
> Stats
> Keys: 2,020,113
> Humans: 405,032
> Teams: 68,144
> 
> And finally individuals can run their own WKD instance.
> 
> You guys need a lot of brainstorming IMHO on how to improve the SKS
> infrastructure to get back users. Maybe it would be a good idea to
> get the hockeypuck author on board, because it is written in Golang
> and I assume that there are more Golang programmers available to help
> you guys out, compared to OCaml programmers.
> 
> Regards
> Stefan
> 
> -- 
> box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
> GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)
> 


Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Robert J. Hansen
> Hansen it's 2019 not 1990 and you need to evolve your thinking beyond your own 
> personal interests!

Yawn.  Call me when you've given up on the ad hominem.

> Do you think the GDPR is a bad thing?

I think it's a law enacted by a nation I'm not party to and am not
obligated to obey.  That means any and all arguments that start with
"but it's the law!" are meaningless for me and many others.  It may be
your law but it's not mine and I'm not obligated to follow it.

> Do you think people having the right to better privacy is bad?

Of course not.  But you seem to believe the GDPR is clearly a win for
the liberties of all people involved, whereas the truth is it
prioritizes one kind of liberty for one person (your right to be
private) above another kind of liberty for another person (my right to
share facts with others).

It's okay for people to disagree with the tradeoffs of liberty that are
baked into laws.  That's called political dissent, and respecting
dissent is every bit as important as respecting privacy.

Start showing some.



Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Stefan Claas
Todd Fleisher wrote:

> I will also point out there is a movement amongst several major software
> distributions that bring PGP support to the masses (especially as it relates
> to email) that are migrating away from the SKS network in large part because
> of this very issue (https://keys.openpgp.org/about/usage). And while there
> are other use cases for the SKS network for sure, I believe the ongoing
> issue where keys can be rendered un-importable by malicious third parties
> without warning threatens its very existence and needs to be dealt with
> before it’s too late.

You may check out also the new Mailvelope Key Server:

https://keys.mailvelope.com/

And don't forget keybase is growing fast:

Stats
Keys: 2,020,113
Humans: 405,032
Teams: 68,144

And finally individuals can run their own WKD instance.

You guys need a lot of brainstorming IMHO on how to improve the SKS
infrastructure to get back users. Maybe it would be a good idea to
get the hockeypuck author on board, because it is written in Golang
and I assume that there are more Golang programmers available to help
you guys out, compared to OCaml programmers.

Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)



Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Stefan Claas
Stefan Claas wrote:

> Dumps can be used for a variety of tasks. I remember rjh once saying that
> people asked him if they can trust the key servers. Does this trust mean:
> Can a key be removed or faked, or a dump be used for analyzing social
> graphs of non-trained dissidents, activists etc. who, not knowing better
> before, signed each other's key publicly. (A WWW key server interface in
> its current form may reveal such info too, but IMHO not so quickly.)

And one more point. Publicly available dumps made it possible to bootstrap
key servers in not-so-democratic countries, where people are probably not
allowed to use strong encryption, like PGP ... Let alone that when you travel
for holidays in such a country one may have then also 'little' problems.

Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)



Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Stefan Claas
Todd Fleisher wrote:

> > On Aug 16, 2019, at 10:24 AM, Stefan Claas  wrote:
> > 
> > DevPGSV Pablo wrote:
> > 
> > O.k. I must admit I did not think about the centralization issue,
> > people might have.
> > 
> > Well, then operators could put that on a link of their own WWW key
> > server interface and Kristian could add only a column in his pool
> > page, indicating that server x,y,z has a canary, without taking any
> > actions.
> > 
> > Even if Kristian does not like the idea then at least people could
> > see that operators are willing to support the idea.
> 
> I don’t understand what benefit having operators post warrant canaries is
> supposed to provide in the context of the SKS network.

The purpose of this suggestion is to bring back a little bit more trust in
a Network, which is currently broken by design. People, like me, do not
like the idea of sharing dumps to 3rd parties (hello GDPR), without our
consent.

Operators should protect the database as best as possible.

Dumps can be used for a variety of tasks. I remember rjh once saying that
people asked him if they can trust the key servers. Does this trust mean:
Can a key be removed or faked, or a dump be used for analyzing social
graphs of non-trained dissidents, activists etc. who, not knowing better
before, signed each other's key publicly. (A WWW key server interface in
its current form may reveal such info too, but IMHO not so quickly.)

Regards
Stefan



-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)



Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Todd Fleisher
> On Aug 16, 2019, at 10:42 AM, Ryan Hunt  wrote:
> 
> Its role as a decentralized, tamper resistant key storage solution is still 
> vital, and I would love it if we had the development going on to address the 
> stability issues, but that's simply not the case at this point in time and 
> until the actual integrity of the data the SKS network serves is compromised 
> there is no need for its death..


I think it would be much more constructive and on topic to this list if we 
could focus on this issue vs. what this thread has devolved into. There are 
very real operational issues with the SKS network and while I don’t agree it 
needs to die, I can attest to the fact that it has become a significant problem 
for some to rely on it for public key distribution because of the poison key 
issue. My key has already been targeted which means the public can no longer 
obtain it from the SKS network and I am not the only person this problem 
impacts.

I am personally not migrating to keys.openpgp.org because of the limitations it
currently has over the SKS network:

- Cannot perform wildcard searches by domain
- Cannot discover keys that have not been submitted & verified
- Keys lack signatures which breaks the web of trust

I will also point out there is a movement amongst several major software
distributions that bring PGP support to the masses (especially as it relates to
email) that are migrating away from the SKS network in large part because of
this very issue (https://keys.openpgp.org/about/usage). And while there are
other use cases for the SKS network for sure, I believe the ongoing issue where
keys can be rendered un-importable by malicious third parties without warning
threatens its very existence and needs to be dealt with before it’s too late.

-T

+cc Kristian directly for higher visibility
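
The un-importable key problem described in this message, together with the key size and validation limits proposed elsewhere in this thread, can be expressed as an ingest check. The following is an added example, not code from SKS, Hockeypuck or any poster; the limit values, function names and sample packets are assumptions constructed for illustration.

```python
import hashlib
import struct

# Assumed operator policy values for this example, not SKS settings.
MAX_KEY_BYTES = 64 * 1024
MAX_THIRD_PARTY_SIGS = 50

def read_packets(data):
    """Yield (tag, body) for each packet in an OpenPGP stream (RFC 4880, 4.2)."""
    i = 0
    while i < len(data):
        hdr = data[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("bad packet header")
        if hdr & 0x40:                      # new-format header
            tag, first = hdr & 0x3F, data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
            else:
                raise ValueError("partial body length not allowed here")
        else:                               # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not allowed here")
            n = 1 << ltype
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def v4_key_id(body):
    """Key ID of a v4 public key packet: low 64 bits of its SHA-1 fingerprint."""
    if body[0] != 4:
        raise ValueError("only v4 keys handled in this example")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).digest()[-8:]

def issuer_key_id(sig):
    """Issuer (subpacket type 16) of a v4 signature packet, or None."""
    if sig[0] != 4:
        return None
    pos = 4                                 # skip version, type, pk algo, hash algo
    for _ in range(2):                      # hashed area, then unhashed area
        end = pos + 2 + int.from_bytes(sig[pos:pos + 2], "big")
        pos += 2
        while pos < end:
            n = sig[pos]                    # subpacket length, counts the type octet
            if n < 192:
                pos += 1
            elif n < 255:
                n, pos = ((n - 192) << 8) + sig[pos + 1] + 192, pos + 2
            else:
                n, pos = int.from_bytes(sig[pos + 1:pos + 5], "big"), pos + 5
            if sig[pos] & 0x7F == 16 and n == 9:
                return sig[pos + 1:pos + 9]
            pos += n
        pos = end
    return None

def count_signatures(blob):
    """Return (self_sigs, third_party_sigs) by claimed issuer.
    The issuer field is unverified: a real filter must also verify
    self-signatures cryptographically before trusting this split."""
    packets = list(read_packets(blob))
    if not packets or packets[0][0] != 6:
        raise ValueError("stream does not start with a public key packet")
    primary = v4_key_id(packets[0][1])
    issuers = [issuer_key_id(body) for tag, body in packets[1:] if tag == 2]
    own = sum(1 for k in issuers if k == primary)
    return own, len(issuers) - own

def check_key(blob):
    """Apply the size and third-party signature limits to a submitted key."""
    if len(blob) > MAX_KEY_BYTES:
        return False, "key too large"
    try:
        _, third_party = count_signatures(blob)
    except (ValueError, IndexError, struct.error):
        return False, "malformed key"
    if third_party > MAX_THIRD_PARTY_SIGS:
        return False, "too many third-party signatures"
    return True, "ok"

# Constructed sample data: structurally valid packets, not real key material.
def make_packet(tag, body):
    return bytes([0xC0 | tag, 255]) + struct.pack(">I", len(body)) + body

def make_sig(issuer):
    sub = bytes([9, 16]) + issuer           # issuer subpacket in the unhashed area
    body = bytes([4, 0x10, 1, 8]) + b"\x00\x00" + struct.pack(">H", len(sub)) + sub
    return make_packet(2, body + b"\x00\x00")

PUB_BODY = bytes([4]) + b"\x5d\x56\x00\x00" + bytes([1]) + b"\x00" * 16
BASE = make_packet(6, PUB_BODY) + make_packet(13, b"Alice <alice@example.org>")
SELF_SIG = make_sig(v4_key_id(PUB_BODY))
CLEAN_KEY = BASE + SELF_SIG + b"".join(make_sig(bytes([1, i] * 4)) for i in range(2))
FLOODED_KEY = BASE + SELF_SIG + b"".join(
    make_sig(n.to_bytes(8, "big")) for n in range(1, 501))
```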





Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread stuff
I guess we will have to agree to disagree, I don't think we will get any further
with this.
I fully support the GDPR as do a lot of people in the EU.

You have made it clear where you stand as I have.

Still not sure what Australia has to do with the EU and the GDPR though?

But I do know that the backdoor law implemented in Australia is part of the 5
eyes program which the US is part of and mostly spearheads these operations as
it does in the UK as well. America is certainly not a budding example of
privacy!


Just one correction keys.openpgp.org is fully GDPR compliant for those in the
EU.

Kind Regards

Yakamo

On Fri, 16 Aug 2019 11:42:31 -0600
Ryan Hunt  wrote:

> SKS is still resilient to anyone wiping out all references to my public key
> and replacing with their own for a man in the middle attack, you can go
> check multiple servers and compare keys against each other.. I can check
> keys in my local keystore or transmitted via other means against whats in
> SKS, its also resilient to keys being removed to prevent verifying data
> signed long ago.. none of that has changed, you can attack the whole
> network but its integrity is still intact when it comes back up..
> 
> Its role as a decentralized, tamper resistant key storage solution is still
> vital, and I would love it if we had the development going on to address
> the stability issues, but thats simply not the case at this point in time
> and until the actual integrity of the data the SKS network serves is
> compromised there is no need for its death.. yes there are alternatives,
> but those wont force enforcement of your precious GDPR, I can host all the
> same keys any way I want and ignore all your requests for removal just the
> same so your argument attacking SKS specifically is moot.
> 
> > Also do you think its good Mr Hunt that data can be uploaded onto these
> > servers such as peoples personal information without consent? This has
> > happened to a lot of people. And yet no one is interested in addressing
> > this!
> I've proposed solutions to simply add more sanity/validation checks to make
> sure keys are actual valid keys and limiting the overall size of keys to
> prevent abuse, but overall I'm not terribly concerned.. there's a billion
> places to make information public on the internet that is entirely out of
> reach of your local authorities, SKS is rather ineffective means of making
> information public since practically nobody is looking at the dataset as a
> whole and are only querying information directly, and almost always
> automated.. You are basically Gaslighting at this point.
> 
> > And are you against the GDPR?
> Correct, the GDPR would be ruled unconstitutional in a heartbeat if someone
> tried to implement it here.
> 
> > Do you even know what the GDPR covers?
> Yes, quite well.. I unfortunately work with many forms of Digital
> Compliance in my industry.
> 
> > what has Australia got to do with this?
> Just another example of the road to hell is paved with good intentions..
> Its a slippery slope you guys are already sliding down.. I can only think
> of one operator that was forced to shut down for being liable for data
> others posted publicly, and that was an Australian operator.. long before
> the GDPR was drafted.. and nothing was accomplished, the data they tried to
> take out of the public sphere still exists.. again SKS worked as designed,
> the government was unable to stop the distribution of that data.. and its
> still accessible, even within Australia.
> 
> > and where are you from Mr Hunt? America?
> Yes, Colorado to be precise if you need to figure out what court to waste
> your time with.
> 
> > There's plenty why you claim none im not sure, maybe we should test this
> > theory of yours?
> Go for it, I am completely willing to face any government and the resulting
> consequences to protect the integrity and availability of public
> cryptography, if my government were to ever insist on compromising it again
> in the future I would make it my mission to distribute the tools and spread
> awareness despite any legal ramifications or any moral perspective, yeah I
> might be assisting terrorists, child abusers, and other boogiemen; but
> thats the price of cryptographically secure communications. The EU can
> bring it on for all I care, this is a hill I'm fully prepared to die on,
> and have been for a while.. I advocated for and distributed the tools 30
> years ago when strong crypto was illegal to export from the United States,
> and eventually we won that battle of attrition.
> 
> -R
> 
> 
> 
> On Fri, Aug 16, 2019 at 10:12 AM  wrote:
> 
> > On Fri, 16 Aug 2019 09:12:30 -0600
> > Ryan Hunt  wrote:
> >
> > > Yakamo,
> > > it still does its job of ensuring published keys are not tampered with, it
> > > was not designed to be resilient to denial attacks.. That does not
> > > interfere with the trust of PGP, its why there are local keystores.. and
> > > the SKS network is still around despite being 

Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Todd Fleisher
> On Aug 16, 2019, at 10:24 AM, Stefan Claas  wrote:
> 
> DevPGSV Pablo wrote:
> 
> O.k. I must admit I did not thought about the centralization issue,
> people might have.
> 
> Well, then operators could put that on a link of their own WWW key
> server interface and Kristian could add only a column in his pool
> page, indicating that server x,y,z has a canary, without taking any
> actions.
> 
> Even if Kristian does not like the idea than at least people could
> see that operators are willing to support the idea.

I don’t understand what benefit having operators post warrant canaries is 
supposed to provide in the context of the SKS network.

-T





Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Ryan Hunt
SKS is still resilient to anyone wiping out all references to my public key
and replacing with their own for a man in the middle attack, you can go
check multiple servers and compare keys against each other.. I can check
keys in my local keystore or transmitted via other means against what's in
SKS, it's also resilient to keys being removed to prevent verifying data
signed long ago.. none of that has changed, you can attack the whole
network but its integrity is still intact when it comes back up..

Its role as a decentralized, tamper resistant key storage solution is still
vital, and I would love it if we had the development going on to address
the stability issues, but that's simply not the case at this point in time
and until the actual integrity of the data the SKS network serves is
compromised there is no need for its death.. yes there are alternatives,
but those won't force enforcement of your precious GDPR, I can host all the
same keys any way I want and ignore all your requests for removal just the
same so your argument attacking SKS specifically is moot.

> Also do you think it's good Mr Hunt that data can be uploaded onto these
> servers such as people's personal information without consent? This has
> happened to a lot of people. And yet no one is interested in addressing
> this!
I've proposed solutions to simply add more sanity/validation checks to make
sure keys are actual valid keys and limiting the overall size of keys to
prevent abuse, but overall I'm not terribly concerned.. there's a billion
places to make information public on the internet that is entirely out of
reach of your local authorities, SKS is a rather ineffective means of making
information public since practically nobody is looking at the dataset as a
whole and are only querying information directly, and almost always
automated.. You are basically Gaslighting at this point.

> And are you against the GDPR?
Correct, the GDPR would be ruled unconstitutional in a heartbeat if someone
tried to implement it here.

> Do you even know what the GDPR covers?
Yes, quite well.. I unfortunately work with many forms of Digital
Compliance in my industry.

> what has Australia got to do with this?
Just another example of the road to hell is paved with good intentions..
It's a slippery slope you guys are already sliding down.. I can only think
of one operator that was forced to shut down for being liable for data
others posted publicly, and that was an Australian operator.. long before
the GDPR was drafted.. and nothing was accomplished, the data they tried to
take out of the public sphere still exists.. again SKS worked as designed,
the government was unable to stop the distribution of that data.. and it's
still accessible, even within Australia.

> and where are you from Mr Hunt? America?
Yes, Colorado to be precise if you need to figure out what court to waste
your time with.

> There's plenty why you claim none I'm not sure, maybe we should test this
> theory of yours?
Go for it, I am completely willing to face any government and the resulting
consequences to protect the integrity and availability of public
cryptography, if my government were to ever insist on compromising it again
in the future I would make it my mission to distribute the tools and spread
awareness despite any legal ramifications or any moral perspective, yeah I
might be assisting terrorists, child abusers, and other boogiemen; but
that's the price of cryptographically secure communications. The EU can
bring it on for all I care, this is a hill I'm fully prepared to die on,
and have been for a while.. I advocated for and distributed the tools 30
years ago when strong crypto was illegal to export from the United States,
and eventually we won that battle of attrition.

-R



On Fri, Aug 16, 2019 at 10:12 AM  wrote:

> On Fri, 16 Aug 2019 09:12:30 -0600
> Ryan Hunt  wrote:
>
> > Yakamo,
> > it still does its job of ensuring published keys are not tampered with, it
> > was not designed to be resilient to denial attacks.. That does not
> > interfere with the trust of PGP, its why there are local keystores.. and
> > the SKS network is still around despite being unreliable/broken from a
> > maintenance standpoint.. your poisoned keys are not altering other
> > individuals keys in any way/shape/form, so its security has not been
> > compromised.. availability of keyservers is not critical to the use of PGP,
> > again by design.. there are many ways to distribute keys, it is resilient
> > factually despite your opinions.. over the decades the need has not been
> > lost.
> >
>
> That's correct its not designed to be resilient to denial attacks, making
> it unreliable as stated before! which means its not resilient to
> governments at all! This statement stands true. Now it barely fulfils its
> basic functions! the amount of posts littered over the internet about how
> people cant pull a key from the servers or unable to upload them. There are
> constant outages!
>
> There are alternatives and 
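
Ryan Hunt's reply above mentions adding sanity/validation checks and a size cap on uploaded keys, and Todd Fleisher's message earlier in the thread describes keys being made un-importable by third parties. As an added illustration (not code from the thread, SKS, or any keyserver), the following walks the RFC 4880 packet framing of one uploaded public key and rejects oversized, over-signed, or malformed input; the limits, function names and sample key are assumptions constructed for the example, and the check is structural only (it does not verify any signature).

```python
import struct

# OpenPGP packet tags (RFC 4880, section 4.3) that may appear in a public key.
TAG_SIGNATURE, TAG_PUBLIC_KEY, TAG_USER_ID = 2, 6, 13
TAG_PUBLIC_SUBKEY, TAG_USER_ATTRIBUTE = 14, 17
ALLOWED_TAGS = {TAG_SIGNATURE, TAG_PUBLIC_KEY, TAG_USER_ID,
                TAG_PUBLIC_SUBKEY, TAG_USER_ATTRIBUTE}

# Assumed limits for this example; not values taken from SKS or the thread.
MAX_KEY_BYTES = 64 * 1024
MAX_SIGNATURES = 150


def iter_packets(data):
    """Yield (tag, body) per packet; raise ValueError on malformed framing."""
    pos = 0

    def take(n):
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("truncated packet near offset %d" % pos)
        chunk = data[pos:pos + n]
        pos += n
        return chunk

    while pos < len(data):
        first = take(1)[0]
        if not first & 0x80:
            raise ValueError("bit 7 of packet header not set")
        if first & 0x40:                      # new-format header
            tag = first & 0x3F
            o1 = take(1)[0]
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length = ((o1 - 192) << 8) + take(1)[0] + 192
            elif o1 == 255:
                length = struct.unpack(">I", take(4))[0]
            else:                             # 224..254: partial body length
                raise ValueError("partial body length in key material")
        else:                                 # old-format header
            tag = (first >> 2) & 0x0F
            length_type = first & 0x03
            if length_type == 3:
                raise ValueError("indeterminate length in key material")
            length = int.from_bytes(take(1 << length_type), "big")
        yield tag, take(length)


def check_key(data, max_bytes=MAX_KEY_BYTES, max_sigs=MAX_SIGNATURES):
    """Return (accepted, reason, counts) for one uploaded public key."""
    counts = {"bytes": len(data), "packets": 0, "signatures": 0, "user_ids": 0}
    if len(data) > max_bytes:
        return False, "key exceeds size limit", counts
    try:
        for tag, _body in iter_packets(data):
            is_first = counts["packets"] == 0
            counts["packets"] += 1
            # The primary key packet must come first and must not repeat.
            if is_first != (tag == TAG_PUBLIC_KEY):
                return False, "expected exactly one leading public-key packet", counts
            if tag not in ALLOWED_TAGS:
                return False, "unexpected packet tag %d" % tag, counts
            if tag == TAG_SIGNATURE:
                counts["signatures"] += 1
                if counts["signatures"] > max_sigs:
                    return False, "too many signatures", counts
            elif tag == TAG_USER_ID:
                counts["user_ids"] += 1
    except ValueError as exc:
        return False, "malformed: %s" % exc, counts
    if counts["packets"] == 0:
        return False, "no packets", counts
    return True, "ok", counts


def make_packet(tag, body):
    """Build a new-format packet. Used only to construct sample input."""
    n = len(body)
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        n -= 192
        length = bytes([(n >> 8) + 192, n & 0xFF])
    else:
        length = b"\xff" + struct.pack(">I", n)
    return bytes([0xC0 | tag]) + length + body


def sample_key(n_sigs):
    """Constructed key with dummy bodies; only the packet framing is real."""
    key = make_packet(TAG_PUBLIC_KEY, b"\x04" + b"\x00" * 50)
    uid = make_packet(TAG_USER_ID, b"Alice Example <alice@example.org>")
    sig = make_packet(TAG_SIGNATURE, b"\x04" + b"\x00" * 300)
    return key + uid + sig * n_sigs


if __name__ == "__main__":
    for n in (3, 151, 1000):
        print(n, check_key(sample_key(n))[:2])
```
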

Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Stefan Claas
DevPGSV Pablo wrote:

> Please, if you consider the canary...
> Don't centralize it.
> SKS is supposed to be decentralized.
> If the power to ban someone from the public pool or from peers, or
> somewhere else, falls on a single person, then you are centralizing an
> important part of SKS.
> SKS is already broken due to the attacks... If you centralize it, then it
> loses the only thing the other alternatives do not have.

O.k. I must admit I did not think about the centralization issue
people might have.

Well, then operators could put that on a link of their own WWW key
server interface and Kristian could add only a column in his pool
page, indicating that server x,y,z has a canary, without taking any
actions.

Even if Kristian does not like the idea then at least people could
see that operators are willing to support the idea.

Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)



Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Todd Fleisher
> On Aug 16, 2019, at 10:19 AM, Kiss Gabor (Bitman)  wrote:
> 
>> So to answer your questions:
> 
> Ryan, have you ever seen this funny picture? :)
> http://en.wikipedia.org/wiki/File:DoNotFeedTroll.svg
> 
> Gabor


+1 to this sentiment

If some really want to continue to debate particulars of the GDPR, I’d ask that 
they do it directly and off the list.

-T





Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Kiss Gabor (Bitman)
> So to answer your questions:

Ryan, have you ever seen this funny picture? :)
http://en.wikipedia.org/wiki/File:DoNotFeedTroll.svg

Gabor



Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread DevPGSV Pablo
Please, if you consider the canary...
Don't centralize it.
SKS is supposed to be decentralized.
If the power to ban someone from the public pool or from peers, or
somewhere else, falls on a single person, then you are centralizing an
important part of SKS.
SKS is already broken due to the attacks... If you centralize it, then it
loses the only thing the other alternatives do not have.


On Fri, Aug 16, 2019, 6:25 PM Stefan Claas  wrote:

> Hendrik Visage wrote:
>
> >
> >
> > > On 16 Aug 2019, at 18:01 , Andrew Gallagher 
> wrote:
> > >
> > > Signed PGP part
> > > On 16/08/2019 16:13, Stefan Claas wrote:
> > >> It should tell users that SKS operators share no dumps with 3rd
> > >> parties for key analysis, i.e. social graph research etc. Those
> > >> who publish a warrant canary can stay in the pool, while others
> > >> who don't like to do so will be excluded from the pool.
> > >
> > > That's an utterly worthless exercise, considering that keyserver
> > > operators can't vouch for any other keyserver operators, and any or all
> > > of them could be three-letter agencies in disguise. You don't need a
> > > warrant to scrape publicly-available data, and you don't need to be in
> > > the pool to sync with pool keyservers.
> >
> > Not to mention that the latest dumps are publicly available for syncing
> > purposes...
>
> This is well known and Kristian could exclude this person from the pool.
>
> Regards
> Stefan
>
> --
> box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
> GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)
>


Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Andrew Gallagher
On 16/08/2019 17:23, Stefan Claas wrote:
> They should not vouch for others only sign a monthly statement, which
> Kristian can add to a column in his pool site. And like I said it
> would *not* hurt! If however more key server operators  are against
> this suggestion then IMHO at least people know that operators may
> like to share dumps with 3rd parties, for whatever reasons they may
> have.

What would that statement say? "I don't explicitly provide dumps to
third parties, but I sync my keyserver with random strangers on the
internet, and that's *totally* not *exactly* the same thing." ? :-P

The only way to prevent the SKS dataset getting into arbitrary people's
hands is for all the existing keyservers to refuse to sync with anyone
who's not vouched-for and trustworthy - which will turn the keyservers
into a closed network. That may or may not be *wrong*, but it would be a
fundamental change to the entire premise of the system.

And as Hendrik pointed out above, you can't bootstrap a new SKS
keyserver without a dump.

-- 
Andrew Gallagher





Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Stefan Claas
Hendrik Visage wrote:

> 
> 
> > On 16 Aug 2019, at 18:01 , Andrew Gallagher  wrote:
> > 
> > Signed PGP part
> > On 16/08/2019 16:13, Stefan Claas wrote:
> >> It should tell users that SKS operators share no dumps with 3rd
> >> parties for key analysis, i.e. social graph research etc. Those
> >> who publish a warrant canary can stay in the pool, while others
> >> who don't like to do so will be excluded from the pool.
> > 
> > That's an utterly worthless exercise, considering that keyserver
> > operators can't vouch for any other keyserver operators, and any or all
> > of them could be three-letter agencies in disguise. You don't need a
> > warrant to scrape publicly-available data, and you don't need to be in
> > the pool to sync with pool keyservers.
> 
> Not to mention that the latest dumps are publicly available for syncing
> purposes...

This is well known and Kristian could exclude this person from the pool.

Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)



Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Stefan Claas
Andrew Gallagher wrote:

> On 16/08/2019 16:13, Stefan Claas wrote:
> > It should tell users that SKS operators share no dumps with 3rd
> > parties for key analysis, i.e. social graph research etc. Those
> > who publish a warrant canary can stay in the pool, while others
> > who don't like to do so will be excluded from the pool.
> 
> That's an utterly worthless exercise, considering that keyserver
> operators can't vouch for any other keyserver operators, and any or all
> of them could be three-letter agencies in disguise. You don't need a
> warrant to scrape publicly-available data, and you don't need to be in
> the pool to sync with pool keyservers.

They should not vouch for others, only sign a monthly statement, which
Kristian can add to a column in his pool site. And like I said it
would *not* hurt! If however more key server operators are against
this suggestion then IMHO at least people know that operators may
like to share dumps with 3rd parties, for whatever reasons they may
have.

And I think with all the discussions about the GDPR it would also be
a good sign from SKS operators doing so, while Kristian would then have
it easier to maintain his pool, when getting asked questions in the future.

An additional feature could be that SKS operators implement a new
version of the .html search code, for their WWW interface, only allowing
fingerprint search, without revealing a long list of who signed whose
pub key.

Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)



Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread stuff
On Fri, 16 Aug 2019 09:12:30 -0600
Ryan Hunt  wrote:

> Yakamo,
> it still does its job of ensuring published keys are not tampered with, it
> was not designed to be resilient to denial attacks.. That does not
> interfere with the trust of PGP, its why there are local keystores.. and
> the SKS network is still around despite being unreliable/broken from a
> maintenance standpoint.. your poisoned keys are not altering other
> individuals keys in any way/shape/form, so its security has not been
> compromised.. availability of keyservers is not critical to the use of PGP,
> again by design.. there are many ways to distribute keys, it is resilient
> factually despite your opinions.. over the decades the need has not been
> lost.
>

That's correct, it's not designed to be resilient to denial attacks, making it 
unreliable as stated before! Which means it's not resilient to governments at 
all! This statement stands true. Now it barely fulfils its basic functions! The 
amount of posts littered over the internet about how people can't pull a key 
from the servers or are unable to upload them. There are constant outages!

There are alternatives and they work! SKS doesn't!

It's not the design or the attacks that's for me personally and others 
distrustful, it's the closed-minded approach to how vulnerabilities are handled. 
Both people from the GnuPG community and SKS have attacked people for what's 
considered normal practice when it comes to disclosure of vulnerabilities and 
bugs. "Stay quiet and hope nothing happens" or "you're attacking us because you 
pointed out something wrong with our software" is not a good way to deal with 
things!

Also, do you think it's good, Mr Hunt, that data can be uploaded onto these servers, 
such as people's personal information, without consent? This has happened to a 
lot of people. And yet no one is interested in addressing this!

> You could not be more wrong about GnuPG, and it shows.. do you even work in
> the industry? Because where I sit, with over 54 million devices on my
> network.. PGP is one of the most trusted security tools we use, all of our
> software is signed by PGP, config files are signed by PGP, internal
> correspondence signed by PGP.. You are the only person in the world
> claiming GnuPG has lost its trust and you can write all the blog posts you
> want but your opinion means nothing to me, and the rest of the industry..
> Snowden and all the other security industry's rock stars still fully
> advocate the use of PGP despite your feeble attacks.

Are we really comparing "network" size?

I didn't say it was not in demand or general use in the security community! Or 
unpopular!
Although I come across very few people who actually use it these days and who 
are not middle aged. Even FreeBSD stopped using it who knows how long ago for 
signing packages.

Likewise, your opinion holds no value to me either.


> So to answer your questions:
> 1. Currently, its the only option until something better comes along.

Keybase and Hagrid or self hosting your gpg key, plenty of options.

> 2. There are absolutely none, but you seem to be beyond reason on this
> point so I digress.

There's plenty, why you claim none I'm not sure, maybe we should test this theory 
of yours?

> 3. This is entirely arbitrary, not everyone has to share your perspective..
> Most of the industry rallied against the GDPR, if anything the EU/Australia
> has become the laughing stock of the cryptography world.. you guys would
> give up master keys and implement backdoors to your government in exchange
> for a cookie and a pat on the back.

Of course big companies rallied against the GDPR, it gives users their privacy 
back again!
This messes with their business model!

And are you against the GDPR?
Do you even know what the GDPR covers?

What has Australia got to do with this?

And where are you from, Mr Hunt? America?

Kind Regards

Yakamo


-- 




Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Hendrik Visage


> On 16 Aug 2019, at 18:01 , Andrew Gallagher  wrote:
> 
> Signed PGP part
> On 16/08/2019 16:13, Stefan Claas wrote:
>> It should tell users that SKS operators share no dumps with 3rd
>> parties for key analysis, i.e. social graph research etc. Those
>> who publish a warrant canary can stay in the pool, while others
>> who don't like to do so will be excluded from the pool.
> 
> That's an utterly worthless exercise, considering that keyserver
> operators can't vouch for any other keyserver operators, and any or all
> of them could be three-letter agencies in disguise. You don't need a
> warrant to scrape publicly-available data, and you don't need to be in
> the pool to sync with pool keyservers.

Not to mention that the latest dumps are publicly available for syncing 
purposes...





Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Stefan Claas
st...@yakamo.org wrote:

> Once again pointing out the obvious that everyone is avoiding.
> 
> The keyservers don't have any mechanisms as required by the GDPR to remove
> data.
> 
> So once again if you load up someone else's personal data with out permission
> the servers instantly break the law due to the lack of those mechanisms. This
> is the simplest one to point out, Among many other issues. There is no
> exemption to this one at all!!!
> 
> Hansen its 2019 not 1990 and you need to evolve your thinking beyond your own
> personal interests! Do you think the GDPR is a bad thing? Do you think people
> having the right to better privacy is bad? from your resent responses you
> obviously do, strange attitude considering your interest in privacy
> 
> ---
> 
> >Its about pretty good privacy, not perfect privacy.. by design w/PGP and
> >SKS, public keys are designed to be public, and not private.. in order to
> >keep the private part secure, allowing people to arbitrary purge public
> >data entirely undermines the entire thing.
> 
> And to Ryan, poor response! Also the world changes and laws change and
> peoples views of what is right and wrong change. And that's exactly what has
> happened especially in Europe! The sks keyservers where designed in the
> 1990s, its not 1990 any more. People think differently about privacy now.
> Hagrid or Keybase have solved issues for a majority of people.
> 
> It does not undermine it at all, this model is broken and its being laughed
> at by the entire tech community. Oh and it was never resilient to government
> interference that was just a fallacy which has been push right into the spot
> light. a single person or group just bitched slapped the sks keyservers
> recently with an attack, all it takes is someone to persist with a real
> attack and those are gone! NO RELIABLITIY, NO RESILIANCENO USE!!
> 
> -
> 
> The SKS Keyservers have brought a very bad light on GnuPG and other related
> projects, trust for most is low or gone in these projects, and people like
> Hansen and his approach to it has really not helped at all. Kristian
> meanwhile the maintainer remains quiet, not even making any attempts to
> suggest shutting down the servers or archiving the software.
> 
> The important Questions here for admins is :
> 
> Do you want to continue to:
> 
> 1. Run broken and unreliable software?
> 2. Risk legal consequences?
> 3. be the laughing stock of modern security?
> 

1+

I would also like to make a little suggestion, to put a little bit
more trust in this broken SKS design, for people who still might
have a need for SKS usage.

How about issuing monthly warrant canaries from SKS operators for
the pool Kristian maintains?

It should tell users that SKS operators share no dumps with 3rd
parties for key analysis, i.e. social graph research etc. Those
who publish a warrant canary can stay in the pool, while others
who don't like to do so will be excluded from the pool.

Does this make sense to honest operators? I think it would not
hurt and requires no additional work, except a monthly little
GnuPG signed statement.

Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)



Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread stuff
Once again pointing out the obvious that everyone is avoiding.

The keyservers don't have any mechanisms as required by the GDPR to remove data.

So once again if you load up someone else's personal data without permission 
the servers instantly break the law due to the lack of those mechanisms. This 
is the simplest one to point out, among many other issues. There is no 
exemption to this one at all!!!

Hansen, it's 2019 not 1990 and you need to evolve your thinking beyond your own 
personal interests! Do you think the GDPR is a bad thing? Do you think people 
having the right to better privacy is bad? From your recent responses you 
obviously do, strange attitude considering your interest in privacy.

---

>Its about pretty good privacy, not perfect privacy.. by design w/PGP and
>SKS, public keys are designed to be public, and not private.. in order to
>keep the private part secure, allowing people to arbitrary purge public
>data entirely undermines the entire thing.

And to Ryan, poor response! Also the world changes and laws change and people's 
views of what is right and wrong change. And that's exactly what has happened, 
especially in Europe! The SKS keyservers were designed in the 1990s, it's not 
1990 any more. People think differently about privacy now. Hagrid or Keybase 
have solved issues for a majority of people.

It does not undermine it at all, this model is broken and it's being laughed at 
by the entire tech community. Oh and it was never resilient to government 
interference, that was just a fallacy which has been pushed right into the 
spotlight. A single person or group just bitch slapped the SKS keyservers 
recently with an attack, all it takes is someone to persist with a real attack 
and those are gone! NO RELIABILITY, NO RESILIENCE, NO USE!!

-

The SKS keyservers have brought a very bad light on GnuPG and other related 
projects, trust for most is low or gone in these projects, and people like 
Hansen and his approach to it have really not helped at all. Kristian, meanwhile, 
the maintainer, remains quiet, not even making any attempts to suggest shutting 
down the servers or archiving the software.

The important question here for admins is:

Do you want to continue to:

1. Run broken and unreliable software?
2. Risk legal consequences?
3. be the laughing stock of modern security?

Kind regards

Yakamo


On Fri, 16 Aug 2019 08:41:53 +0200 (CEST)
Steffen Kaiser  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> On Thu, 15 Aug 2019, Stefan Claas wrote:
> 
> > And has Mr. Rude then the right to freely distribute this data, without
> 
> "this data" => SKS stores private data, which are public by design and in 
> consens with the uploader, Art5 (1) a) and b)
> Those dumps are used to full fill the purpose, intended by the SKS network 
> and intended to be processed by the uploader
> The SKS servers fullfill the well-known purpose of making these data 
> available publically.
> 
> > protecting it, to the whole world? If that is the case then EU citizens
> > having 'business' with the US can do the same with US citizens data.
> 
> Yes, you, personally, can dump the *SKS* database and make it available 
> yourself as well.
> 
> - -- 
> Steffen Kaiser


-- 




Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Stefan Claas
Steffen Kaiser wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> On Thu, 15 Aug 2019, Stefan Claas wrote:
> 
> > And has Mr. Rude then the right to freely distribute this data, without
> 
> "this data" => SKS stores private data, which are public by design and in 
> consens with the uploader, Art5 (1) a) and b)

By what uploader? My current key wasn't uploaded by me and I gave no consent,
to whoever uploaded my key.

Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)



Re: [Sks-devel] The pool is shrinking

2019-08-16 Thread Steffen Kaiser

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, 15 Aug 2019, Stefan Claas wrote:

> And has Mr. Rude then the right to freely distribute this data, without

"this data" => SKS stores private data, which are public by design and in 
consensus with the uploader, Art5 (1) a) and b)
Those dumps are used to fulfill the purpose, intended by the SKS network 
and intended to be processed by the uploader
The SKS servers fulfill the well-known purpose of making these data 
available publicly.

> protecting it, to the whole world? If that is the case then EU citizens
> having 'business' with the US can do the same with US citizens data.

Yes, you, personally, can dump the *SKS* database and make it available 
yourself as well.


- -- 
Steffen Kaiser



Re: [Sks-devel] The pool is shrinking

2019-08-15 Thread Robert J. Hansen
Mostly this is a response to Arnold, as for some reason his email never
showed up in my inbox:

> I thought SKS and PGP-keys is about one's ability to hide private
> data (by encryption).

Tools do not have intrinsic purposes.  There's the stuff they're
designed for and there's the stuff they actually wind up getting used
for, and very often the two are nothing alike.

The #1 use of OpenPGP today is for Linux distros to verify system
packages.  That accounts for 95% of all OpenPGP usage -- maybe more.

Tools are just tools.  We, we human beings, are the ones who have
purposes and ambitions and goals.

> GDPR is also about one's ability to hide private data

They are different far more than they are similar.

If I use OpenPGP to secure my communications, I'm not imposing anything
on people who acquire my communications.  If they can break the crypto,
go for it.  If they can't, tough luck.  But I'm not telling people who
already have the data, "oh sorry, you can't have it now."

The GDPR is completely different.  You can give me your personal
information.  I can give you complete up-front disclosure about what
you're getting into.  You can review it, you can decide that yes you
want to do this, you can give me your data... and then, ten years later,
you can force me "hey, I changed my mind, you've got to erase data now."

The OpenPGP model *compels absolutely no one*.  GDPR is built around the
idea *the EU has the right to compel people to delete data.*

I'm an American.  If the EU thinks it has the right to compel me to obey
a law I had no say in, well, good luck.

> To me, it is very strange to read one strongly supports one form of
> privacy, while totally ignoring other forms.

Then I think you really need to study ethics.

*How we do something* is just as important as *what it is we do*.  I
think there's a lot to be said about pursuing privacy in a way that
imposes no obligations on any other people.  And I think there's a lot
to be said against pursuing privacy in a way that imposes obligations on
people who don't even live in the EU.

> Remember, people in different parts of the world do have different
> values and different needs.

Yep.  And in America, we value our right to be left alone from the
government telling us that we're required to take certain acts just
because some people in Europe insist we follow their laws.



Re: [Sks-devel] The pool is shrinking

2019-08-15 Thread Ryan Hunt
One could argue the inverse, to me it's very strange that administrators of
a scheme designed from the onset to be resilient to governmental scale
interference would widely open their arms to multinational scale
interference.

It's about pretty good privacy, not perfect privacy.. by design w/PGP and
SKS, public keys are designed to be public, and not private.. in order to
keep the private part secure, allowing people to arbitrarily purge public
data entirely undermines the entire thing.

-Ryan

On Thu, Aug 15, 2019 at 6:39 PM Arnold  wrote:

> I thought SKS and PGP-keys is about one's ability to hide private data (by
> encryption). GDPR is also about one's ability to hide private data (by having
> private data, that can be used in correlations, removed from large
> databases). Yet, SKS administrators who apparently live outside the EU argue
> strongly that there is no need for them to support GDPR.
>
> To me, it is very strange to read one strongly supports one form of privacy,
> while totally ignoring other forms. In fact it seems to me these operators
> are not only ignoring other forms, but it seems they do not even acknowledge
> the fact that to *some* people in the world the other (GDPR) form may be
> very important as well. Remember, people in different parts of the world do
> have different values and different needs.
>
> Arnold
>
> On 15-08-2019 18:39, Robert J. Hansen wrote:
> >> Well, it was just one of many example sites...
> >
> > Again: I'm going to go with the real advice given to me by real lawyers.
> >
> >> So as an example, US SKS key server operators do not have to honor
> >> removal request (in this case shut-down the server) from EU citizens,
> >> when they receive a letter from a lawyer?
> >
> > Depends on the individual.  I rarely travel to Europe and have no
> > financial holdings there.  It gives me a great ability to say "no, I'm
> > not signatory to your treaty, go away."  Other Americans may have enough
> > ties to Europe to make it possible for EU courts to apply leverage.
> >
> >> I remember also that plenty of US sites (small and large), where I
> >> did business with, asked for my consent as EU citizen, when they
> >> changed their privacy policy once the GDPR took place.
> >
> > Some of them do business in Europe and are susceptible to pressure by
> > the EU.  Some of them were just jumping on the bandwagon.
> >
> >> Has an US SKS key server operator then not 'business' ties with EU
> >> citizens, when storing their personal data like name and email address?
> >
> > No.  Those are considered facts no different than tracking a name and
> > phone number.  Mere facts cannot be suppressed by the United States
> > government; citizens are allowed to share them to our heart's content.
> >
> >> And has Mr. Rude then the right to freely distribute this data, without
> >> protecting it, to the whole world?
> >
> > I don't know anything about him or where he lives or which laws he must
> > follow.
> >


Re: [Sks-devel] The pool is shrinking

2019-08-15 Thread Arnold
I thought SKS and PGP-keys is about one's ability to hide private data (by
encryption). GDPR is also about one's ability to hide private data (by having
private data, that can be used in correlations, removed from large databases).
Yet, SKS administrators who apparently live outside the EU argue strongly that
there is no need for them to support GDPR.

To me, it is very strange to read one strongly supports one form of privacy,
while totally ignoring other forms. In fact it seems to me these operators are
not only ignoring other forms, but it seems they do not even acknowledge the
fact that to *some* people in the world the other (GDPR) form may be very
important as well. Remember, people in different parts of the world do have
different values and different needs.

Arnold

On 15-08-2019 18:39, Robert J. Hansen wrote:
>> Well, it was just one of many example sites...
> 
> Again: I'm going to go with the real advice given to me by real lawyers.
> 
>> So as an example, US SKS key server operators do not have to honor
>> removal request (in this case shut-down the server) from EU citizens,
>> when they receive a letter from a lawyer?
> 
> Depends on the individual.  I rarely travel to Europe and have no
> financial holdings there.  It gives me a great ability to say "no, I'm
> not signatory to your treaty, go away."  Other Americans may have enough
> ties to Europe to make it possible for EU courts to apply leverage.
> 
>> I remember also that plenty of US sites (small and large), where I
>> did business with, asked for my consent as EU citizen, when they
>> changed their privacy policy once the GDPR took place.
> 
> Some of them do business in Europe and are susceptible to pressure by
> the EU.  Some of them were just jumping on the bandwagon.
> 
>> Has an US SKS key server operator then not 'business' ties with EU
>> citizens, when storing their personal data like name and email address?
> 
> No.  Those are considered facts no different than tracking a name and
> phone number.  Mere facts cannot be suppressed by the United States
> government; citizens are allowed to share them to our heart's content.
> 
>> And has Mr. Rude then the right to freely distribute this data, without
>> protecting it, to the whole world?
> 
> I don't know anything about him or where he lives or which laws he must
> follow.
> 


Re: [Sks-devel] The pool is shrinking

2019-08-15 Thread Robert J. Hansen
> Well, it was just one of many example sites...

Again: I'm going to go with the real advice given to me by real lawyers.

> So as an example, US SKS key server operators do not have to honor
> removal request (in this case shut-down the server) from EU citizens,
> when they receive a letter from a lawyer?

Depends on the individual.  I rarely travel to Europe and have no
financial holdings there.  It gives me a great ability to say "no, I'm
not signatory to your treaty, go away."  Other Americans may have enough
ties to Europe to make it possible for EU courts to apply leverage.

> I remember also that plenty of US sites (small and large), where I
> did business with, asked for my consent as EU citizen, when they
> changed their privacy policy once the GDPR took place.

Some of them do business in Europe and are susceptible to pressure by
the EU.  Some of them were just jumping on the bandwagon.

> Has an US SKS key server operator then not 'business' ties with EU
> citizens, when storing their personal data like name and email address?

No.  Those are considered facts no different than tracking a name and
phone number.  Mere facts cannot be suppressed by the United States
government; citizens are allowed to share them to our heart's content.

> And has Mr. Rude then the right to freely distribute this data, without
> protecting it, to the whole world?

I don't know anything about him or where he lives or which laws he must
follow.



Re: [Sks-devel] The pool is shrinking

2019-08-15 Thread Stefan Claas
Robert J. Hansen wrote:

> I'm going to believe the privacy lawyer I pay $450 an hour to more than
> I'm going to trust a sketchy website that's not even officially
> affiliated with the EU.

Well, it was just one of many example sites, when one is googling
for "has the US comply to the GDPR". If one does the same he will
also find US sites giving US citizens advice.

> Quoting from it:
> 
> "You may be wondering how the European Union will enforce a law in
> territory it does not control."
> 
> Yep.
> 
> "The fact is, foreign governments help other countries enforce their
> laws through mutual assistance treaties and other mechanisms all the time."
> 
> Yep.  Except that in America, the government *can't* help enforce many
> parts of the GDPR.  The courts prohibit them from doing it.  You walk
> into an American court waving a GDPR writ and it doesn't matter how many
> EU bureaucrats sign it: if it intrudes on an American citizen's freedom
> of speech the government is prohibited from participating.  This is
> bog-standard American Constitutional law.

So as an example, US SKS key server operators do not have to honor
removal request (in this case shut-down the server) from EU citizens,
when they receive a letter from a lawyer?

I remember also that plenty of US sites (small and large), where I
did business with, asked for my consent as EU citizen, when they
changed their privacy policy once the GDPR took place.

> It does not apply to US companies, except those that have business units
> in the EU or have extensive business ties with the EU.

Has an US SKS key server operator then not 'business' ties with EU
citizens, when storing their personal data like name and email address?

And has Mr. Rude then the right to freely distribute this data, without
protecting it, to the whole world? If that is the case then EU citizens
having 'business' with the US can do the same with US citizens data.

Well, just my thoughts.

Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)



Re: [Sks-devel] The pool is shrinking

2019-08-15 Thread Robert J. Hansen
> Please have a read:

Did.

I'm going to believe the privacy lawyer I pay $450 an hour to more than
I'm going to trust a sketchy website that's not even officially
affiliated with the EU.  Quoting from it:

"You may be wondering how the European Union will enforce a law in
territory it does not control."

Yep.

"The fact is, foreign governments help other countries enforce their
laws through mutual assistance treaties and other mechanisms all the time."

Yep.  Except that in America, the government *can't* help enforce many
parts of the GDPR.  The courts prohibit them from doing it.  You walk
into an American court waving a GDPR writ and it doesn't matter how many
EU bureaucrats sign it: if it intrudes on an American citizen's freedom
of speech the government is prohibited from participating.  This is
bog-standard American Constitutional law.

"GDPR Article 50 addresses this question directly."

No it doesn't.  Have you *read* Article 50?  "In relation to third
countries and international organisations, the Commission and
supervisory authorities shall take appropriate steps to..."

It doesn't enact *anything*.  All it says is, "We want the Commission to
do X.  We don't know if it's even possible to do X.  We don't really
care.  We're ordering them to do X anyway."

It's great to have aspirations, but Article 50 isn't even *law*.  All it
says is, "we're instructing our guys to look into it."

> If this applies to US companies do you think non-profit US SKS operators are
> exempted?

It does not apply to US companies, except those that have business units
in the EU or have extensive business ties with the EU.

Doesn't apply to me.  Have a nice day.  :)



Re: [Sks-devel] The pool is shrinking

2019-08-14 Thread Tobias Frei
I guess I'm pointing out the obvious to most readers, but despite that
official-looking domain name, "This is not an official EU Commission or
Government resource. The europa.eu webpage concerning GDPR can be found here
[link removed]. Nothing found in this portal constitutes legal advice."

On Aug 15, 2019 00:29, Stefan Claas  wrote:
> Robert J. Hansen wrote:
>
> > Enforcement is the sine qua non of law.  GDPR does not apply to purely
> > US-based operators because there is no way for the EU to either compel
> > our compliance or punish our noncompliance.
>
> Please have a read:
>
> https://gdpr.eu/compliance-checklist-us-companies/
>
> If this applies to US companies do you think non-profit US SKS operators are
> exempted?
>
> I kindly request that Mr. Rude, for example, no longer provides key dumps to
> the whole world, containing EU citizens data, without EU citizens consent.
>
> https://keyserver.mattrude.com/dump/
>
> Regards
> Stefan
>
> -- 
> box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
> GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)


Re: [Sks-devel] The pool is shrinking

2019-08-14 Thread Hendrik Visage


> On 15 Aug 2019, at 00:29 , Stefan Claas  wrote:
> 
> https://gdpr.eu/compliance-checklist-us-companies/ 
> 

Interesting wordings, ie.

The law also includes the threat of large fines for non-compliance, which can 
reach 4% of global revenue or €20 million, depending on the severity and 
circumstances

We recommend

So far, the EU’s reach has not been tested,

can help avoid drawing scrutiny from EU regulatory authorities

---
Hendrik Visage






Re: [Sks-devel] The pool is shrinking

2019-08-14 Thread Stefan Claas
Robert J. Hansen wrote:

> Enforcement is the sine qua non of law.  GDPR does not apply to purely
> US-based operators because there is no way for the EU to either compel
> our compliance or punish our noncompliance.

Please have a read:

https://gdpr.eu/compliance-checklist-us-companies/

If this applies to US companies do you think non-profit US SKS operators are
exempted?

I kindly request that Mr. Rude, for example, no longer provides key dumps to
the whole world, containing EU citizens data, without EU citizens consent.

https://keyserver.mattrude.com/dump/

Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
GPG: C93E252DFB3B4DB7EAEB846AD8D464B35E12AB77 (avail. on Hagrid, WKD)



Re: [Sks-devel] The pool is shrinking

2019-08-13 Thread Robert J. Hansen
> Fair enough. Then you're ignoring the consequences (or rather believe
> that none exist) rather than saying that the GDPR wouldn't apply to US-
> based operators.

Enforcement is the sine qua non of law.  GDPR does not apply to purely
US-based operators because there is no way for the EU to either compel
our compliance or punish our noncompliance.



Re: [Sks-devel] The pool is shrinking

2019-08-13 Thread Tobias Mueller
Hi,

On Tue, 2019-08-13 at 11:59 -0400, Robert J. Hansen wrote:
>   If I, as a US citizen with no
> overseas business ties, receive a GDPR notice, I'm going to laugh and
> throw it away as it's not binding within the US.  The EU can't even
> haul me into court over it.
Fair enough. Then you're ignoring the consequences (or rather believe
that none exist) rather than saying that the GDPR wouldn't apply to US-
based operators.
Your assessment of the situation was wrong and deserved to be refuted.

Cheers,
  Tobi




Re: [Sks-devel] The pool is shrinking

2019-08-13 Thread Ryan Hunt
I don't believe anything you do in public has any expectation of privacy..
no moral qualms about it.

On Tue, Aug 13, 2019 at 10:09 AM Philihp Busby  wrote:

> You should respect their right to privacy, if not for legal ones, then
> moral.
>
> On Tue, Aug 13, 2019 at 16:04 Ryan Hunt  wrote:
>
>> EU can write whatever it wants down on a piece of paper, but that don't
>> mean it's anything more than a piece of paper to me... they have no
>> authority here, I don't recognize their authority and there is absolutely
>> nothing that they can do about it.. So it don't really matter if they say
>> it's applicable to me, because it's not.
>>
>> Argue semantics til you're blue in the face, the end result is nobody doing
>> business with or within the EU has any obligation whatsoever to even
>> concern themselves with the GDPR.. and that's never going to change,
>> regardless what everyone's opinions are on the matter.
>>
>> -R
>>
>> On Tue, Aug 13, 2019 at 9:40 AM Tobias Mueller 
>> wrote:
>>
>>> Hi,
>>>
>>> On Tue, 2019-08-13 at 11:00 -0400, Robert J. Hansen wrote:
>>> > > They are!
>>> >
>>> > No, they're not.
>>> I think your assessment is wrong.
>>>
>>> >
>>> > There are (or at least were) a large number of US-based keyserver
>>> > operators who were immune to the GDPR.
>>>
>>> I fail to see how this is in accordance with the GDPR.
>>> Section 3.2 states¹:
>>>
>>> > This Regulation applies to the processing of personal data of data
>>> > subjects who are in the Union by a controller or processor not
>>> > established in the Union, where the processing activities are related
>>> > to:
>>> >
>>> > the offering of goods or services, irrespective of whether a
>>> > payment of the data subject is required, to such data subjects in the
>>> > Union
>>>
>>> This is exactly the case for OpenPGP Keyservers.
>>>
>>> Cheers,
>>>   Tobi
>>>
>>> 1: https://gdpr-info.eu/art-3-gdpr/
>>>
>>>


Re: [Sks-devel] The pool is shrinking

2019-08-13 Thread Philihp Busby
You should respect their right to privacy, if not for legal ones, then
moral.

On Tue, Aug 13, 2019 at 16:04 Ryan Hunt  wrote:

> EU can write whatever it wants down on a piece of paper, but that don't
> mean it's anything more than a piece of paper to me... they have no
> authority here, I don't recognize their authority and there is absolutely
> nothing that they can do about it.. So it don't really matter if they say
> it's applicable to me, because it's not.
>
> Argue semantics til you're blue in the face, the end result is nobody doing
> business with or within the EU has any obligation whatsoever to even
> concern themselves with the GDPR.. and that's never going to change,
> regardless what everyone's opinions are on the matter.
>
> -R
>
> On Tue, Aug 13, 2019 at 9:40 AM Tobias Mueller 
> wrote:
>
>> Hi,
>>
>> On Tue, 2019-08-13 at 11:00 -0400, Robert J. Hansen wrote:
>> > > They are!
>> >
>> > No, they're not.
>> I think your assessment is wrong.
>>
>> >
>> > There are (or at least were) a large number of US-based keyserver
>> > operators who were immune to the GDPR.
>>
>> I fail to see how this is in accordance with the GDPR.
>> Section 3.2 states¹:
>>
>> > This Regulation applies to the processing of personal data of data
>> > subjects who are in the Union by a controller or processor not
>> > established in the Union, where the processing activities are related
>> > to:
>> >
>> > the offering of goods or services, irrespective of whether a
>> > payment of the data subject is required, to such data subjects in the
>> > Union
>>
>> This is exactly the case for OpenPGP Keyservers.
>>
>> Cheers,
>>   Tobi
>>
>> 1: https://gdpr-info.eu/art-3-gdpr/
>>
>>


Re: [Sks-devel] The pool is shrinking

2019-08-13 Thread Ryan Hunt
EU can write whatever it wants down on a piece of paper, but that don't mean
it's anything more than a piece of paper to me... they have no authority
here, I don't recognize their authority and there is absolutely nothing
that they can do about it.. So it don't really matter if they say it's
applicable to me, because it's not.

Argue semantics til you're blue in the face, the end result is nobody doing
business with or within the EU has any obligation whatsoever to even
concern themselves with the GDPR.. and that's never going to change,
regardless what everyone's opinions are on the matter.

-R

On Tue, Aug 13, 2019 at 9:40 AM Tobias Mueller 
wrote:

> Hi,
>
> On Tue, 2019-08-13 at 11:00 -0400, Robert J. Hansen wrote:
> > > They are!
> >
> > No, they're not.
> I think your assessment is wrong.
>
> >
> > There are (or at least were) a large number of US-based keyserver
> > operators who were immune to the GDPR.
>
> I fail to see how this is in accordance with the GDPR.
> Section 3.2 states¹:
>
> > This Regulation applies to the processing of personal data of data
> > subjects who are in the Union by a controller or processor not
> > established in the Union, where the processing activities are related
> > to:
> >
> > the offering of goods or services, irrespective of whether a
> > payment of the data subject is required, to such data subjects in the
> > Union
>
> This is exactly the case for OpenPGP Keyservers.
>
> Cheers,
>   Tobi
>
> 1: https://gdpr-info.eu/art-3-gdpr/
>
>


Re: [Sks-devel] The pool is shrinking

2019-08-13 Thread Robert J. Hansen
>> There are (or at least were) a large number of US-based keyserver
>> operators who were immune to the GDPR.
> 
> I fail to see how this is in accordance with the GDPR.

The EU is free to claim whatever authority it wants, but until it can
enforce that authority it's bluster.  If I, as a US citizen with no
overseas business ties, receive a GDPR notice, I'm going to laugh and
throw it away as it's not binding within the US.  The EU can't even haul
me into court over it.



Re: [Sks-devel] The pool is shrinking

2019-08-13 Thread Tobias Mueller
Hi,

On Tue, 2019-08-13 at 11:00 -0400, Robert J. Hansen wrote:
> > They are!
> 
> No, they're not.
I think your assessment is wrong.

> 
> There are (or at least were) a large number of US-based keyserver
> operators who were immune to the GDPR.

I fail to see how this is in accordance with the GDPR.
Section 3.2 states¹:

> This Regulation applies to the processing of personal data of data
> subjects who are in the Union by a controller or processor not
> established in the Union, where the processing activities are related
> to:
> 
> the offering of goods or services, irrespective of whether a
> payment of the data subject is required, to such data subjects in the
> Union

This is exactly the case for OpenPGP Keyservers.

Cheers,
  Tobi

1: https://gdpr-info.eu/art-3-gdpr/ 




Re: [Sks-devel] The pool is shrinking

2019-08-13 Thread Klaus-Uwe Mitterer via Sks-devel
None of that is correct. The GDPR does not only apply to business 
entities, it does not only apply to trade, it does not only apply to EU 
citizens and it does not only apply in EU member nations. For a short 
introduction, look at this article: 
 



Whether or not it is possible to actually enforce the GDPR outside the 
EU, however, is a different story.


On 13.08.19 17:00, Robert J. Hansen wrote:

>> They are!
>
> No, they're not.
>
> GDPR only applies to business entities that trade with EU citizens in EU
> member nations.  If a German boards a flight in Colorado to travel to
> Texas, they don't get to claim GDPR protections on their tickets.  It's
> once the flight connects to an EU member state the airline has to worry
> about GDPR.
>
> There are (or at least were) a large number of US-based keyserver
> operators who were immune to the GDPR.



Re: [Sks-devel] The pool is shrinking

2019-08-13 Thread Robert J. Hansen
> They are!

No, they're not.

GDPR only applies to business entities that trade with EU citizens in EU
member nations.  If a German boards a flight in Colorado to travel to
Texas, they don't get to claim GDPR protections on their tickets.  It's
once the flight connects to an EU member state the airline has to worry
about GDPR.

There are (or at least were) a large number of US-based keyserver
operators who were immune to the GDPR.



Re: [Sks-devel] The pool is shrinking

2019-08-13 Thread Hendrik Visage
Yakamo,

 Hmmm… please define/explain how servers hosted in the Republic of South Africa 
is subjected to GDPR? (We have our own/similar version, but NOT GDPR)



> On 13 Aug 2019, at 15:59 , st...@yakamo.org wrote:
> 
> They are!
> 
> Yakamo
> 
> On Tue, 13 Aug 2019 08:57:37 -0500
> Travis Megee  wrote:
> 
>> You're also assuming all admins are subject to GDPR.
>> 
>> Travis
>> 
>> On 8/13/2019 8:56 AM, st...@yakamo.org wrote:
>>> Also would like to point out that this is Kristian covering his own ass not 
>>> the admins!
>>> 
>>> Please read it again!
>>> 
>>> Yakamo
>>> 
>>> 
>>> On Tue, 13 Aug 2019 15:46:39 +0200
>>> Tobias Frei  wrote:
>>> 
>>>> Hi Yakamo,
>>>> 
>>>> Have you already seen these two messages?
>>>> 
>>>> https://lists.nongnu.org/archive/html/sks-devel/2019-02/msg00070.html
>>>> 
>>>> https://lists.nongnu.org/archive/html/sks-devel/2019-03/msg00026.html
>>>> 
>>>> Best regards
>>>> Tobias Frei
>>>> 
>>>> On 13.08.19 at 15:41, st...@yakamo.org wrote:
>>>>> Hi Boti,
>>>>> 
>>>>> SKS servers are breaking the GDPR in multiple ways, it's just a matter of 
>>>>> time before something happens.
>>>>> 
>>>>> All it would take is one motivated person and things get serious real 
>>>>> quick.
>>>>> 
>>>>> Especially I would say right now for the admin of mattrude or any others 
>>>>> allowing the free distribution to any third party of the keys via dumps, 
>>>>> without user consent which doesn't work with the GDPR at all, this is sure 
>>>>> to turn to a nightmare real fast for those admins.
>>>>> 
>>>>> Yakamo
>>>>> 
>>>>> 
>>>>> On Tue, 13 Aug 2019 09:02:20 +0200
>>>>> b...@makacs.duf.hu wrote:
>>>>> 
>>>>>> In many country of EU there were a period of patience to let firms fully 
>>>>>> covers their GDPR implementation.
>>>>>> 
>>>>>> However we have GDPR in effect last two years but authorities still had 
>>>>>> a so called "soft" penalty or no penalty just warn practice which is 
>>>>>> nearly over.
>>>>>> 
>>>>>> In mid and longer term the penalty fees will be harmonized. Today every 
>>>>>> country has its own penalty fees and penalty practice.
>>>>>> 
>>>>>> There is no more exceptions anymore such as it is technically impossible 
>>>>>> to delete data, etc.
>>>>>> 
>>>>>> So will the blockchain illegal among with sks in EU if stored data has 
>>>>>> PI records?
>>>>>> 
>>>>>> Cheers,
>>>>>> Boti
>>> 
>> 
>> 
> 
> 
> --
> 
> 

---
Hendrik Visage
HeViS.Co Systems Pty Ltd
T/A Envisage Systems / Envisage Cloud Solutions
+27-84-612-5345 or +27-21-945-1192
hvis...@envisage.co.za







Re: [Sks-devel] The pool is shrinking

2019-08-13 Thread stuff
They are!

Yakamo

On Tue, 13 Aug 2019 08:57:37 -0500
Travis Megee  wrote:

> You're also assuming all admins are subject to GDPR.
> 
> Travis
> 
> On 8/13/2019 8:56 AM, st...@yakamo.org wrote:
> > Also would like to point out that this is Kristian covering his own ass not 
> > the admins!
> >
> > Please read it again!
> >
> > Yakamo
> >
> >
> > On Tue, 13 Aug 2019 15:46:39 +0200
> > Tobias Frei  wrote:
> >
> >> Hi Yakamo,
> >>
> >> Have you already seen these two messages?
> >>
> >> https://lists.nongnu.org/archive/html/sks-devel/2019-02/msg00070.html
> >>
> >> https://lists.nongnu.org/archive/html/sks-devel/2019-03/msg00026.html
> >>
> >> Best regards
> >> Tobias Frei
> >>
> >> On 13.08.19 at 15:41, st...@yakamo.org wrote:
> >>> Hi Boti,
> >>>
> >>> SKS servers are breaking the GDPR in multiple ways, its just a matter of 
> >>> time before something happens.
> >>>
> >>> All it would take is one motivated person and things get serious real 
> >>> quick.
> >>>
> >>> Especially i would say right now for the admin of mattrude or any others 
> >>> allowing the free distribution to any third party of the keys via dumps, 
> >>> without user consent which doesnt work with the GDPR at all, this is sure 
> >>> to turn to a nightmare real fast for those admins.
> >>>
> >>> Yakamo
> >>>
> >>>
> >>> On Tue, 13 Aug 2019 09:02:20 +0200
> >>> b...@makacs.duf.hu wrote:
> >>>
> > >>>> In many country of EU there were a period of patience to let firms fully 
> > >>>> covers their GDPR implementation.
> > >>>>
> > >>>> However we have GDPR in effect last two years but authorities still had 
> > >>>> a so called "soft" penalty or no penalty just warn practice which is 
> > >>>> nearly over.
> > >>>>
> > >>>> In mid and longer term the penalty fees will be harmonized. Today every 
> > >>>> country has its own penalty fees and penalty practice.
> > >>>>
> > >>>> There is no more exceptions anymore such as it is technically impossible 
> > >>>> to delete data, etc.
> > >>>>
> > >>>> So will the blockchain illegal among with sks in EU if stored data has 
> > >>>> PI records?
> > >>>>
> > >>>> Cheers,
> > >>>> Boti


Re: [Sks-devel] The pool is shrinking

2019-08-13 Thread Travis Megee
You're also assuming all admins are subject to GDPR.

Travis

On 8/13/2019 8:56 AM, st...@yakamo.org wrote:
> Also would like to point out that this is Kristian covering his own ass not 
> the admins!
>
> Please read it again!
>
> Yakamo
>
>
> On Tue, 13 Aug 2019 15:46:39 +0200
> Tobias Frei  wrote:
>
>> Hi Yakamo,
>>
>> Have you already seen these two messages?
>>
>> https://lists.nongnu.org/archive/html/sks-devel/2019-02/msg00070.html
>>
>> https://lists.nongnu.org/archive/html/sks-devel/2019-03/msg00026.html
>>
>> Best regards
>> Tobias Frei
>>
>> On 13.08.19 at 15:41, st...@yakamo.org wrote:
>>> Hi Boti,
>>>
>>> SKS servers are breaking the GDPR in multiple ways, its just a matter of 
>>> time before something happens.
>>>
>>> All it would take is one motivated person and things get serious real quick.
>>>
>>> Especially i would say right now for the admin of mattrude or any others 
>>> allowing the free distribution to any third party of the keys via dumps, 
>>> without user consent which doesnt work with the GDPR at all, this is sure 
>>> to turn to a nightmare real fast for those admins.
>>>
>>> Yakamo
>>>
>>>
>>> On Tue, 13 Aug 2019 09:02:20 +0200
>>> b...@makacs.duf.hu wrote:
>>>
>>>> In many country of EU there were a period of patience to let firms fully 
>>>> covers their GDPR implementation.
>>>>
>>>> However we have GDPR in effect last two years but authorities still had a 
>>>> so called "soft" penalty or no penalty just warn practice which is nearly 
>>>> over.
>>>>
>>>> In mid and longer term the penalty fees will be harmonized. Today every 
>>>> country has its own penalty fees and penalty practice.
>>>>
>>>> There is no more exceptions anymore such as it is technically impossible 
>>>> to delete data, etc.
>>>>
>>>> So will the blockchain illegal among with sks in EU if stored data has PI 
>>>> records?
>>>>
>>>> Cheers,
>>>> Boti


Re: [Sks-devel] The pool is shrinking

2019-08-13 Thread stuff
Also would like to point out that this is Kristian covering his own ass not the 
admins!

Please read it again!

Yakamo


On Tue, 13 Aug 2019 15:46:39 +0200
Tobias Frei  wrote:

> Hi Yakamo,
> 
> Have you already seen these two messages?
> 
> https://lists.nongnu.org/archive/html/sks-devel/2019-02/msg00070.html
> 
> https://lists.nongnu.org/archive/html/sks-devel/2019-03/msg00026.html
> 
> Best regards
> Tobias Frei
> 
> On 13.08.19 at 15:41, st...@yakamo.org wrote:
> > Hi Boti,
> >
> > SKS servers are breaking the GDPR in multiple ways, its just a matter of 
> > time before something happens.
> >
> > All it would take is one motivated person and things get serious real quick.
> >
> > Especially i would say right now for the admin of mattrude or any others 
> > allowing the free distribution to any third party of the keys via dumps, 
> > without user consent which doesnt work with the GDPR at all, this is sure 
> > to turn to a nightmare real fast for those admins.
> >
> > Yakamo
> >
> >
> > On Tue, 13 Aug 2019 09:02:20 +0200
> > b...@makacs.duf.hu wrote:
> >
> >> In many country of EU there were a period of patience to let firms fully 
> >> covers their GDPR implementation.
> >>
> >> However we have GDPR in effect last two years but authorities still had a 
> >> so called "soft" penalty or no penalty just warn practice which is nearly 
> >> over.
> >>
> >> In mid and longer term the penalty fees will be harmonized. Today every 
> >> country has its own penalty fees and penalty practice.
> >>
> >> There is no more exceptions anymore such as it is technically impossible 
> >> to delete data, etc.
> >>
> >> So will the blockchain illegal among with sks in EU if stored data has PI 
> >> records?
> >>
> >> Cheers,
> >> Boti
> >
> 


Re: [Sks-devel] The pool is shrinking

2019-08-13 Thread stuff
Yes I have, and the important key part here is that it was sent to the wrong 
individual to handle it. So it was dismissed, it's important to take note of 
that.

Kristian has made the error in assuming this covers the admins, it does not!

That person needs to reapply and make sure they are targeting the correct 
individual(s)!

Yakamo

On Tue, 13 Aug 2019 15:46:39 +0200
Tobias Frei  wrote:

> Hi Yakamo,
> 
> Have you already seen these two messages?
> 
> https://lists.nongnu.org/archive/html/sks-devel/2019-02/msg00070.html
> 
> https://lists.nongnu.org/archive/html/sks-devel/2019-03/msg00026.html
> 
> Best regards
> Tobias Frei
> 
> On 13.08.19 at 15:41, st...@yakamo.org wrote:
> > Hi Boti,
> >
> > SKS servers are breaking the GDPR in multiple ways, its just a matter of 
> > time before something happens.
> >
> > All it would take is one motivated person and things get serious real quick.
> >
> > Especially i would say right now for the admin of mattrude or any others 
> > allowing the free distribution to any third party of the keys via dumps, 
> > without user consent which doesnt work with the GDPR at all, this is sure 
> > to turn to a nightmare real fast for those admins.
> >
> > Yakamo
> >
> >
> > On Tue, 13 Aug 2019 09:02:20 +0200
> > b...@makacs.duf.hu wrote:
> >
> >> In many country of EU there were a period of patience to let firms fully 
> >> covers their GDPR implementation.
> >>
> >> However we have GDPR in effect last two years but authorities still had a 
> >> so called "soft" penalty or no penalty just warn practice which is nearly 
> >> over.
> >>
> >> In mid and longer term the penalty fees will be harmonized. Today every 
> >> country has its own penalty fees and penalty practice.
> >>
> >> There is no more exceptions anymore such as it is technically impossible 
> >> to delete data, etc.
> >>
> >> So will the blockchain illegal among with sks in EU if stored data has PI 
> >> records?
> >>
> >> Cheers,
> >> Boti
> >
> 


Re: [Sks-devel] The pool is shrinking

2019-08-13 Thread Tobias Frei

Hi Yakamo,

Have you already seen these two messages?

https://lists.nongnu.org/archive/html/sks-devel/2019-02/msg00070.html

https://lists.nongnu.org/archive/html/sks-devel/2019-03/msg00026.html

Best regards
Tobias Frei

On 13.08.19 at 15:41, st...@yakamo.org wrote:

> Hi Boti,
>
> SKS servers are breaking the GDPR in multiple ways, its just a matter of time 
> before something happens.
>
> All it would take is one motivated person and things get serious real quick.
>
> Especially i would say right now for the admin of mattrude or any others 
> allowing the free distribution to any third party of the keys via dumps, 
> without user consent which doesnt work with the GDPR at all, this is sure to 
> turn to a nightmare real fast for those admins.
>
> Yakamo
>
>
> On Tue, 13 Aug 2019 09:02:20 +0200
> b...@makacs.duf.hu wrote:
>
>> In many country of EU there were a period of patience to let firms fully covers 
>> their GDPR implementation.
>>
>> However we have GDPR in effect last two years but authorities still had a so called 
>> "soft" penalty or no penalty just warn practice which is nearly over.
>>
>> In mid and longer term the penalty fees will be harmonized. Today every country 
>> has its own penalty fees and penalty practice.
>>
>> There is no more exceptions anymore such as it is technically impossible to 
>> delete data, etc.
>>
>> So will the blockchain illegal among with sks in EU if stored data has PI 
>> records?
>>
>> Cheers,
>> Boti






Re: [Sks-devel] The pool is shrinking

2019-08-13 Thread stuff
Hi Boti,

SKS servers are breaking the GDPR in multiple ways, it's just a matter of time 
before something happens.

All it would take is one motivated person and things get serious real quick.

Especially I would say right now for the admin of mattrude or any others 
allowing the free distribution to any third party of the keys via dumps, 
without user consent which doesn't work with the GDPR at all, this is sure to 
turn to a nightmare real fast for those admins.

Yakamo


On Tue, 13 Aug 2019 09:02:20 +0200
b...@makacs.duf.hu wrote:

> In many country of EU there were a period of patience to let firms fully 
> covers their GDPR implementation. 
> 
> However we have GDPR in effect last two years but authorities still had a so 
> called "soft" penalty or no penalty just warn practice which is nearly over.
> 
> In mid and longer term the penalty fees will be harmonized. Today every 
> country has its own penalty fees and penalty practice.
> 
> There is no more exceptions anymore such as it is technically impossible to 
> delete data, etc.
> 
> So will the blockchain illegal among with sks in EU if stored data has PI 
> records?
> 
> Cheers,
>Boti




Re: [Sks-devel] The pool is shrinking

2019-08-13 Thread boti
In many country of EU there were a period of patience to let firms fully covers their GDPR implementation.

However we have GDPR in effect last two years but authorities still had a so called "soft" penalty or no penalty just warn practice which is nearly over.

In mid and longer term the penalty fees will be harmonized. Today every country has its own penalty fees and penalty practice.

There is no more exceptions anymore such as it is technically impossible to delete data, etc.

So will the blockchain illegal among with sks in EU if stored data has PI records?

Cheers,
Boti


Re: [Sks-devel] The pool is shrinking

2019-08-13 Thread stuff
I've seen it go as low as 12.

On Tue, 13 Aug 2019 06:38:44 +0200 (CEST)
"Kiss Gabor (Bitman)"  wrote:

> > > At this moment there is only 27 members of pool.sks-keyservers.net.
> > 
> > JFR: The new negative record is 25...
> 
> 21.
> 
> Gabor
> 


Re: [Sks-devel] The pool is shrinking

2019-08-12 Thread Kiss Gabor (Bitman)
> > At this moment there is only 27 members of pool.sks-keyservers.net.
> 
> JFR: The new negative record is 25...

21.

Gabor



Re: [Sks-devel] The pool is shrinking

2019-08-08 Thread Kiss Gabor (Bitman)
On Fri, 21 Jun 2019, Kiss Gabor (Bitman) wrote:

> At this moment there is only 27 members of pool.sks-keyservers.net.

JFR: The new negative record is 25...

Gabor



Re: [Sks-devel] The pool is shrinking

2019-07-01 Thread Todd Fleisher
SKS logs to syslog, so it gets picked up by log rotate automatically. As for 
the DB itself, make sure you put the sample DB_CONFIG file in place in your 
KDB/DB and PTree directories before you start the SKS DB process to handle 
the DB log files.

-T

> On Jun 23, 2019, at 9:05 AM, Skip Carter  wrote:
> 
> What do you do for log management ?



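An added example, not part of Todd's message or of the SKS project: a small audit of an SKS base directory for the DB_CONFIG placement he describes. The function names `check_env` and `audit_sks` are hypothetical, and the check for `set_flags DB_LOG_AUTOREMOVE` assumes that the sample DB_CONFIG you install enables that Berkeley DB flag; compare against your own copy of the sample file.

```shell
#!/bin/sh
# Added example: verify that each Berkeley DB environment used by SKS has a
# DB_CONFIG in place, and report how many transaction logs have piled up.
# Directory names (KDB or DB, and PTree) come from the message above; the
# DB_LOG_AUTOREMOVE check is an assumption about the sample file's content.

# check_env DIR
# Prints one status line for DIR and returns 0 only when DB_CONFIG exists
# and turns on automatic removal of unneeded log files.
check_env() {
    dir=$1
    cfg="$dir/DB_CONFIG"
    nlogs=0
    # Berkeley DB transaction logs are named log.0000000001, log.0000000002, ...
    for f in "$dir"/log.[0-9]*; do
        if [ -f "$f" ]; then
            nlogs=$((nlogs + 1))
        fi
    done
    if [ ! -f "$cfg" ]; then
        echo "MISSING $dir (logs=$nlogs)"
        return 1
    fi
    # Accept leading whitespace; commented-out lines do not match.
    if grep -Eq '^[[:space:]]*set_flags[[:space:]]+DB_LOG_AUTOREMOVE' "$cfg"; then
        echo "OK $dir (logs=$nlogs)"
        return 0
    fi
    echo "NOAUTOREMOVE $dir (logs=$nlogs)"
    return 1
}

# audit_sks BASEDIR
# Checks the key database (KDB if present, otherwise DB) and PTree.
# The return status is the number of environments that failed the check.
audit_sks() {
    base=$1
    bad=0
    if [ -d "$base/KDB" ]; then
        keydb="$base/KDB"
    else
        keydb="$base/DB"
    fi
    for envdir in "$keydb" "$base/PTree"; do
        if [ ! -d "$envdir" ]; then
            echo "NODIR $envdir"
            bad=$((bad + 1))
            continue
        fi
        check_env "$envdir" || bad=$((bad + 1))
    done
    return "$bad"
}

# Usage (the path is a placeholder for your own SKS base directory):
#   audit_sks /path/to/sks
```

Run it before starting the SKS DB process on a new node; a `MISSING` line with a growing log count is the condition the message warns about.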


Re: [Sks-devel] The pool is shrinking

2019-06-23 Thread Skip Carter
On Fri, 2019-06-21 at 12:22 -0700, Todd Fleisher wrote:

> FWIW - in my experience, once you get things setup & dialed-in there
> is no need for daily poking at it. My load balanced pools have been
> running for months with only the occasional intervention required by
> me.

What do you do for log management ? 


-- 
Dr Everett (Skip) Carter
s...@taygeta.com

Taygeta Scientific Inc
607 Charles Ave
Seaside CA 93955
831-641-0645 x103






Re: [Sks-devel] The pool is shrinking

2019-06-21 Thread Todd Fleisher
> On Jun 21, 2019, at 8:00 AM, Skip Carter  wrote:
> 
> As a newcomer to the pool, I have to agree.
> There are several impediments to becoming a keyserver that just
> shouldn't be and the need for daily poking at it is just one of those
> things.  There were several times where I was just ready to give up on
> it.

FWIW - in my experience, once you get things setup & dialed-in there is no need 
for daily poking at it. My load balanced pools have been running for months 
with only the occasional intervention required by me.

> On Jun 21, 2019, at 6:21 AM, Hendrik Visage  wrote:
> 
> The word “cluster” there is the “problem” for hobby setups: we now have to 
> source at least 2x 8GB RAM VMs, where the previous single 2-4GB VMs were 
> sufficient to keep going

I can understand the frustration, but things change and in the current state of 
the SKS network more resources are required. I’d also say the idea of this 
being a “hobby” is in direct opposition to this being a public, production 
service that people rely on which IMO would always dictate at least 3 nodes for 
redundancy.

> On Jun 21, 2019, at 12:33 AM, Kristian Fiskerstrand 
>  wrote:
> 
> No, issuing certificates to servers not being able to keep up doesn't
> improve the experience from anyone (the number of complaints I get from
> users has dropped significantly). And its not really a strict
> requirement, one can set up VMs / chroots for it on a relatively small
> server.

This could mean that people are having less issues with the HKPS pool, but it’s 
also possible there are other reasons for a decrease in complaints. Personally, 
I switched my systems (and the systems of users I support) away from using the 
HKPS pool in favor of using my server(s) due to the ongoing complaints about 
intermittent availability & performance issues in the HKPS pool. That’s not 
meant as a dig on your approach, just letting you know my experience. On the 
contrary, I found you to be quite responsive last September when I reported a 
major issue with 2/3 of the servers in the HKPS pool generating 502 errors.

-T





Re: [Sks-devel] The pool is shrinking

2019-06-21 Thread Skip Carter
As a newcomer to the pool, I have to agree.
There are several impediments to becoming a keyserver that just
shouldn't be and the need for daily poking at it is just one of those
things.  There were several times where I was just ready to give up on
it.
 
On Fri, 2019-06-21 at 07:43 -0500, Daniel Roesler wrote:
> I'd love to keep my server in the pool consistently, but until
> Issue #61 is resolved[1], my server will spike to 100% CPU for
> several minutes and become unresponsive as it tries to deal with
> the huge troll keys. Running a server in the pool is no longer
> a hobby project, and you have to constantly be restarting or
> reconfiguring your server to keep it running.
> 
> Overall, I think the main reason why the pool has shrunk so much
> is because of this issue.
> 


-- 
Dr Everett (Skip) Carter
s...@taygeta.com

Taygeta Scientific Inc
607 Charles Ave
Seaside CA 93955
831-641-0645 x103






Re: [Sks-devel] The pool is shrinking

2019-06-21 Thread Hendrik Visage

> On 21 Jun 2019, at 15:14 , Kristian Fiskerstrand 
>  wrote:
> 
> On 6/21/19 2:43 PM, Daniel Roesler wrote:
>> I'd love to keep my server in the pool consistently, but until
>> Issue #61 is resolved[1], my server will spike to 100% CPU for
>> several minutes and become unresponsive as it tries to deal with
>> the huge troll keys.
> 
> Sure, but this isn't an issue if you have multi-node cluster as the
> other servers will never recon at the same time, hence the requirement
> for hkps.
> 
>> Running a server in the pool is no longer
>> a hobby project, and you have to constantly be restarting or
>> reconfiguring your server to keep it running.
> 
> Not that much, but you need at least 8 GiB of RAM allocated for each
> node and sufficient swap or recon will often get OOM-killed.

The word “cluster” there is the “problem” for hobby setups: we now have to 
source at least 2x 8GB RAM VMs, where the previous single 2-4GB VMs were 
sufficient to keep going

> --
> 
> Kristian Fiskerstrand
> Blog: https://blog.sumptuouscapital.com
> Twitter: @krifisk
> 
> Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
> fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
> 
> Corruptissima re publica plurimæ leges
> The greater the degeneration of the republic, the more of its laws
> 
> 
> 

---
Hendrik Visage
HeViS.Co Systems Pty Ltd
T/A Envisage Systems / Envisage Cloud Solutions
+27-84-612-5345 or +27-21-945-1192
hvis...@envisage.co.za







Re: [Sks-devel] The pool is shrinking

2019-06-21 Thread Kristian Fiskerstrand
On 6/21/19 2:43 PM, Daniel Roesler wrote:
> I'd love to keep my server in the pool consistently, but until
> Issue #61 is resolved[1], my server will spike to 100% CPU for
> several minutes and become unresponsive as it tries to deal with
> the huge troll keys.

Sure, but this isn't an issue if you have a multi-node cluster as the
other servers will never recon at the same time, hence the requirement
for hkps.

> Running a server in the pool is no longer
> a hobby project, and you have to constantly be restarting or
> reconfiguring your server to keep it running.

Not that much, but you need at least 8 GiB of RAM allocated for each
node and sufficient swap or recon will often get OOM-killed.
-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

Corruptissima re publica plurimæ leges
The greater the degeneration of the republic, the more of its laws





Re: [Sks-devel] The pool is shrinking

2019-06-21 Thread Daniel Roesler
I'd love to keep my server in the pool consistently, but until
Issue #61 is resolved[1], my server will spike to 100% CPU for
several minutes and become unresponsive as it tries to deal with
the huge troll keys. Running a server in the pool is no longer
a hobby project, and you have to constantly be restarting or
reconfiguring your server to keep it running.

Overall, I think the main reason why the pool has shrunk so much
is because of this issue.

Daniel

[1]: https://bitbucket.org/skskeyserver/sks-keyserver/issues/61

On Fri, Jun 21, 2019 at 2:40 AM Kristian Fiskerstrand
 wrote:
>
> On 6/21/19 6:53 AM, Kiss Gabor (Bitman) wrote:
> > Dear Kristian,
>
> Hi Gabor,
>
> >
> > At this moment there is only 27 members of pool.sks-keyservers.net.
> > And no more than 3 HKPS server are enlisted.
> > It is a real possibility that this number drops below 1.
> >
>
> Below 2 is actually the minimum for it to operate due to some gnupg
> internals. But it is relatively stable on 3-4.
>
> > Don't you want to revise your strict policy about issuing certificates?
>
> No, issuing certificates to servers not being able to keep up doesn't
> improve the experience from anyone (the number of complaints I get from
> users has dropped significantly). And its not really a strict
> requirement, one can set up VMs / chroots for it on a relatively small
> server.
>
>
> --
> 
> Kristian Fiskerstrand
> Blog: https://blog.sumptuouscapital.com
> Twitter: @krifisk
> 
> Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
> fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
> 
> Corruptissima re publica plurimæ leges
> The greater the degeneration of the republic, the more of its laws
>


Re: [Sks-devel] The pool is shrinking

2019-06-21 Thread Kristian Fiskerstrand
On 6/21/19 6:53 AM, Kiss Gabor (Bitman) wrote:
> Dear Kristian,

Hi Gabor,

> 
> At this moment there is only 27 members of pool.sks-keyservers.net.
> And no more than 3 HKPS server are enlisted.
> It is a real possibility that this number drops below 1.
> 

Below 2 is actually the minimum for it to operate due to some gnupg
internals. But it is relatively stable on 3-4.

> Don't you want to revise your strict policy about issuing certificates?

No, issuing certificates to servers not being able to keep up doesn't
improve the experience from anyone (the number of complaints I get from
users has dropped significantly). And it's not really a strict
requirement, one can set up VMs / chroots for it on a relatively small
server.


-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

Corruptissima re publica plurimæ leges
The greater the degeneration of the republic, the more of its laws





[Sks-devel] The pool is shrinking

2019-06-20 Thread Kiss Gabor (Bitman)
Dear Kristian,

At this moment there are only 27 members of pool.sks-keyservers.net.
And no more than 3 HKPS servers are enlisted.
It is a real possibility that this number drops below 1.

Don't you want to revise your strict policy about issuing certificates?

Regards

Gabor
