Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Georg Faerber]

Hi,

On 18-11-15 22:58:37, Georg Faerber wrote:
> On 18-11-15 23:56:07, Moritz Wirth wrote:
> > keys.flanga.io will cease operation - we received a request to remove
> > some keys and since we are unable to do this, we will shutdown all
> > keyservers and erase all relevant databases immediately.
> 
> Would it be possible to share this request, omitting sensitive
> details?

I'm still interested in this.

Cheers,
Georg


signature.asc
Description: Digital signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Neil Alexander]

> sadly we've had this situation happening several times in the past as
> well, the GDPR rules aren't actually novel in Europe. There is however a
> lot of FUD involved in it, and the actual legal action for a keyserver
> to be shut down has yet to be seen (in a non-voluntary basis). I'm happy
> to stay up for a while until we see any actual legal challenge to it.
>
> In any case, the discussions we've seen lately aren't really about
> security; nor really about privacy; they are about argumentum ad hominem
> against the operators of the traditional keyserver network, in favor of
> alternative communication channels and in particular certificate
> authorities in the form of "validating keyservers". I don't care much
> for them for various reasons, but I also don't mind them being a part of
> the ecosystem (as long as users understand their position).

If you don't mind my contributing an outsider opinion here, you do have a number
of technical problems, but they are all completely overshadowed by a larger
perception problem. That's that nobody really seems to know what the goals of
the keyserver network are, and no one seems to know what to expect when they use
them.

For example, the following things aren't clear to a new user:

- whether their keys and identifiable data will be stored forever
- to where their keys and identifiable data will be replicated
- whether revoking their keys will actually remove the original keys or their
  identifiable data (like email addresses) in any way
- whether updating the UIDs or metadata associated with their keys will actually
  remove the old identifiable data

Nor is it particularly obvious to someone who walks into the community whether
your goals include:

- being censorship or government-resistant
- being highly available
- verifying and guaranteeing data integrity
- respecting user wishes for data removal

... or even none of the above. Certainly I feel like I am asking those very
questions, both as a user and as someone who has stumbled across the mailing
list.

With that in mind, I am not wholly surprised to find that people react badly
when they find out they can't withdraw their data and they don't know where it
has been replicated to and there's nothing they can do about it. Equally I also
wouldn't be terribly surprised to find that there aren't many people stepping up
to develop SKS further when they don't know what they should be creating.

I am not even sure where to go to find out this information!

Furthermore, GDPR might not be "new" in essence but it has cast rather a lot of
light onto the issues of data custodianship and retention. If your goal is to
provide a public service then some consideration needs to be given to this, even
if the solution is just to somehow make it very clear to users what to expect
when submitting or requesting data from the keyservers.

As for the PoCs, well, those are more likely to create problems not particularly
for users but for server operators. Stability issues aside, if an SKS server is
accepting payloads with arbitrary and otherwise unverified data, replicating it
and then storing it indefinitely in an immutable fashion, then it suddenly
becomes very unsafe for someone to take the risk of running an SKS node. 

I understand that there is some reluctance to fix what seems mostly to be a
hypothetical legal scenario, but what has to be uploaded to the keyservers
before someone steps up, takes note and fixes the problem? More copyright
material? Revenge info like someone's phone # and home address? Child
pornography?

Looking at the mailing list, there have been a substantial number of operators
not willing to take that risk.

If the SKS network is going to be lasting and useful then I am not convinced the
community can afford to ignore these problems any longer.
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[dirk astrath]

Hello,

I didn' read all mails of this topic, but the GDPR-issue was already
named over half a year ago:

I somebody orders me (directly or via a lawyer) to remove personal data
like special key-data from the keyserver-database, I have two choices:

(a) Shutdown my keyserver (to avoid any lawsuits)
(b) Fight a lawsuit

Here in germany it's possible for individuals or organisations to send a
so-called "Unterlassungserklärung" (declaration of discontinuance) from
a layer, which is quite expensive.

Even if I sign this declaration and take immediate actions, there may be
costs (for the lawyer of the "other" site), which can be quite high
(several hundreds/thousands of euros).

Therefore I decided to shut down my own keyservers ... and advised the
association I ran more keyservers to either take the risk or shut down
their keyservers, too (Both decisions have been: Shutdown and monitor
the mailingist/... to activate it later again).

Back to the topic:

As an individual (especially in germany) the risk for a lawsuit for
GDPR-issues is too high ... and I assume, that most keyservers are run
by individuals and not by companies.

While reading several mails having this subject another issue was named:

Assume, somebody adds copyrighted material (like an image, a small
sound-file etc.) to a key and uploads this key to a server within the
keyserver-network.

As soon as this key can be downloaded from this (and due to
synchronisation) from any keyservers the keyserver-network distributes
this copyrighted material.

How can this issue be handled? Who will take the risk for fighting a
lawsuit?

If necessary, I can talk to a lawyer and ask about his viewpoint about
the GDPR and copyright-issue. (He is active within our local
opensource/free-software-community, so this will be free-of-charge)

Kind regards,

dirk

On 16.11.2018 16:29, Andrew Gallagher wrote:
> On 16/11/2018 16:19, Keith Erekson wrote:
>> Standard "I am not a lawyer" disclaimer applies, but it is my impression
>> (both from speaking to people who know more than I do about this, and
>> from reading article 17 of the GDPR) that the "right to be forgotten"
>> isn't necessarily absolute.
> 
> That is also my understanding.
> 
>> Meaning that if one were to receive such a request, and it is *not
>> possible* to remove the data, this doesn't automatically mean that the
>> only recourse is to shut down the service. Specifically, this language
>> is the part that catches my attention: "the controller, taking account
>> of available technology and the cost of implementation, shall take
>> reasonable steps, including technical measures, to inform controllers..."
> 
> "Reasonable" is a commonly encountered word in data protection law, and
> what is or is not "reasonable" is a matter of interpretation.
> 
> The answer to this and many other questions about GDPR is that nobody
> really knows for sure, not even the experts, and the only way to find
> out is to wait for a test case to bring enlightenment. Until that
> happens, even the most learned advice will be hedged with a thicket of
> qualified assumptions.
> 
> 
> 
> ___
> Sks-devel mailing list
> Sks-devel@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/sks-devel
> 




signature.asc
Description: OpenPGP digital signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Andrew Gallagher]

On 16/11/2018 16:19, Keith Erekson wrote:
> Standard "I am not a lawyer" disclaimer applies, but it is my impression
> (both from speaking to people who know more than I do about this, and
> from reading article 17 of the GDPR) that the "right to be forgotten"
> isn't necessarily absolute.

That is also my understanding.

> Meaning that if one were to receive such a request, and it is *not
> possible* to remove the data, this doesn't automatically mean that the
> only recourse is to shut down the service. Specifically, this language
> is the part that catches my attention: "the controller, taking account
> of available technology and the cost of implementation, shall take
> reasonable steps, including technical measures, to inform controllers..."

"Reasonable" is a commonly encountered word in data protection law, and
what is or is not "reasonable" is a matter of interpretation.

The answer to this and many other questions about GDPR is that nobody
really knows for sure, not even the experts, and the only way to find
out is to wait for a test case to bring enlightenment. Until that
happens, even the most learned advice will be hedged with a thicket of
qualified assumptions.

-- 
Andrew Gallagher



signature.asc
Description: OpenPGP digital signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Keith Erekson]

Standard "I am not a lawyer" disclaimer applies, but it is my impression
(both from speaking to people who know more than I do about this, and
from reading article 17 of the GDPR) that the "right to be forgotten"
isn't necessarily absolute.

Meaning that if one were to receive such a request, and it is *not
possible* to remove the data, this doesn't automatically mean that the
only recourse is to shut down the service. Specifically, this language
is the part that catches my attention: "the controller, taking account
of available technology and the cost of implementation, shall take
reasonable steps, including technical measures, to inform controllers..."

Perhaps someone who has access to a lawyer could ask for clarification
on this? Speculation about what implications GDPR may or may not have
for the SKS network isn't especially productive, in my opinion. (I say
this as someone who might be shielded from liability by an employer's
legal counsel, however.)

Regarding the resource usage and/or instability of the SKS keyserver
itself, there are some of us who don't need to care about this,
thankfully ;-)

I maintain a keyserver in a VM at work, where its CPU/disk/bandwidth
usage are a proverbial drop in the bucket. As long as it keeps running
with minimal oversight on my part, I'm happy to provide this service.
The same applies to the mirrors that we operate.

Obviously this is a luxury and is not the case for many (most?) admins,
and I would never blame anyone for ceasing to volunteer their
resources/time for a project like this, but it is not necessarily a
problem for *all* of us that these issues have become (more) apparent in
the last year or so.

Just my two cents.

~Keith

On 11/15/18 6:50 PM, Moritz Wirth wrote:
> I asked to be allowed to share some more details, however the request
> was to remove/prevent indexing of 2 keys stored on our keyservers -
> including copies of ID's to verify the request as required by the
> european data protection law. Since it is not possible to prevent the
> indexing of data, I think the only possible way to handle this request
> is to shut them down. I don't see a reason to fight this - it is the
> right of someone to get his/her data removed so we are required to do
> this regardless of how crappy that law might be. If someone decides to
> ignore it, it's up on them.
>
> Am 16.11.18 um 00:31 schrieb Mike:
>
>> Fabian, im sure you can tell that nothings going to change :(
>>
>> But maybe these shutdowns in protest will provoke change, before its too 
>> late?
>>
>> On Thu, 15 Nov 2018 23:23:43 +
>> "Fabian A. Santiago"  wrote:
>>
>>> Wow! I’d love to see that as well.
>>>
>>> I just saw Kristian’s post with his email exchange. It’s a shame the 
>>> situation is going down like this. I do hope a proper solution can be found 
>>> so I and hopefully others can return to contributing to the network, should 
>>> the mode of operation dictate and stay this way.
>>>
>>> --
>>>
>>> Thanks,
>>>
>>> Fabian S.
>>>
>>> OpenPGP:
>>>
>>> 0x643082042DC83E6D94B86C405E3DAA18A1C22D8F
>>>
>>> On Thu, Nov 15, 2018 at 5:58 PM, Georg Faerber  wrote:
>>>
 Hi,

 On 18-11-15 23:56:07, Moritz Wirth wrote:
> keys.flanga.io will cease operation - we received a request to remove
> some keys and since we are unable to do this, we will shutdown all
> keyservers and erase all relevant databases immediately.
 Would it be possible to share this request, omitting sensitive details?

 Cheers,
 Georg
>
> ___
> Sks-devel mailing list
> Sks-devel@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/sks-devel


signature.asc
Description: OpenPGP digital signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Kristian Fiskerstrand]

On 11/16/18 2:08 AM, Matthew Walster wrote:
> Good lord, Kristian, you have to deal with these people on a regular basis?

Yes

-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

"Expect the best. Prepare for the worst. Capitalize on what comes."
(Zig Ziglar)



signature.asc
Description: OpenPGP digital signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Robert J. Hansen]

> Kristian says in his interview the network was not designed to be resilient?

Kinda-sorta.  The basic keyserver architecture was designed in the very
early 1990s, and it's really quite resilient against the sorts of
threats we saw in the 1990s.

But the threat actors and their capabilities have vastly changed since
1992, and the network was not designed to be secure against the threats
that would emerge a quarter-century later.

> So why is the network made immutable by design?

If you don't understand how this was important in the 1990s and why,
perhaps you should take that as a hint you don't know the system
anywhere near as well as you insist you do.

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[DevPGSV Pablo]

I'm not an active member of this community.

I represent a group of people. We recently set up a SKS Keyserver as a way
to contribute to the community.
We have had a lot of problems, but we don't have the knowledge and the
experience to contribute to the code or to submit pull requests.

I like the SKS Keyserver. I'm glad it exists and I plan on continue using
it.

However I'm also glad the is someone with knownledge thinking about
starting from scratch taking into account the concerns of the community in
order to offer a modern keyserver.

Ryan, I'd like to offer my help in the development of the solution you are
drafting up.

- Pablo Salmones




El vie., 16 nov. 2018 a las 3:47, Ryan Hunt () escribió:

> I’ve been contributing to those discussions and helping come up with those
> solutions your referencing, not beating on drums.. everyone here knows what
> the issues are and everyone has been honest about em, this entire mailer’s
> history is free to review and nobody has been hiding anything.. I just
> passed a decade subscribed to this mailing list.. Despite all the
> discussions that have taken place, you keep ringing the bell over and over
> with your cute little blog.
>
> Right now I’m drafting up a replacement solution and might POC some code
> for a future proposal if I manage to find the time.. because I’ve got
> experience and solutions, just not a lot of free time to implement a
> project this complex.. so if everyone here is going to depend on me for
> development, well its not going to get very far.. but mebe I can get
> something off the ground in a modular framework that more people can work
> with than the existing codebase.
>
> Your other projects do not address the role of the SKS network, there is a
> need for a distributed list of keys.. for example a friend I grew up with
> now maintains architectural software builds for a popular Linux
> distribution, he needs to validate signatures of keys completely automated
> and in high volume coming from disperse projects and upstream sources.. We
> run a key server just for this task so he’s not hammering and abusing other
> key keyservers.. he needs to federate with a decentralized dataset or all
> that automation starts breaking… He also dont have any need to concern him
> self with GDPR or nonsensical keys or copyrighted material since its only
> his build environments that is accessing them.
>
> -Ryan
>
> On Nov 15, 2018, at 7:07 PM, stuff  wrote:
>
> I think at least a warning should be given to the admins so they
> understand the full legal risks of running a keyserver.
>
> as far as solutions once again ive actually pointed out that people in the
> comminity have already come up with solutions so i dont see the need to
> iterate over the same ideas, i actually link to one post in one of my
> articles about solutions on here. ive also reeferenced other projects. so i
> have contributed some solutions and pointed out better ones by others.
>
> i also dont think its needed to be insulting in a debate, its not
> constructive.
>
> What have you done to try and change things Ryan?
>
> On Thu, 15 Nov 2018 18:53:30 -0700
> Ryan Hunt  wrote:
>
>
>
> On Nov 15, 2018, at 6:25 PM, Mike  wrote:
>
> So you are angry that i and a few others have reported several bugs, to a
> system that we would like to see continue to exist?
>
> If there is no dev team, then maybe its time to call it a day instead of
> pretending everything is ok?
>
>
> You’d make an excellent politician with this superb ability to speak out
> both ends, all while being incapable even coming up with solutions, let
> alone implementing them.
>
> No one here has been pretending its okay, were just not willing to pack it
> up and call it a day because of you say we should.. there’s literally no
> chance someone’s going to read your articles and decide to volunteer the
> time and energy to implementing a solution.. so really everything you’ve
> done and all your doing is to the detriment of the key server network.. and
> yet your surprised at the hostility you’ve found here?
>
> -Ryan
>
> On Thu, 15 Nov 2018 18:12:14 -0700
> Ryan Hunt mailto:ad...@nayr.net >> wrote:
>
> Wait, you have the skillset to code attacks and spew articles yet, no
> capability for solutions? Smells like ignorance is your forte.
>
> You seem to be under the impression that SKS has active developers working
> on it, the reason the “dev team” is quiet as per your “articles” is there
> is no friggin dev team, just some maintainers pushing merge requests from
> people hacking it a bit here and there to fix major problems that can be
> fixed and keep it compiling on modern systems.
>
> There is nobody actively interested in the development required to
> re-archectect the SKS backend and infrastructure that had been running fine
> for a few decades now.. until you came along and made a big stink.. If you
> have a proposal for a new way of doing things, we’re all dying to hear it.
>
> -Ryan
>
>
> On Nov 15, 2018, at 

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[stuff]

Ill admit that was my mistake to not submit the article to Kristian first as 
promised, i genuinely forgot i had promised that, 2hrs of sleep yesterday and a 
fulls day work i didn't re-read the email and catch that before publication. 
For which i apologize, i am open for reasonable alterations to the article, to 
address this issue. i have addressed the need for corrections before and 
additional info in a previous article. Dishonest and deception is not my intent.

Kristian says in his interview the network was not designed to be resilient?
So why is the network made immutable by design? and why has it been made 
important as well that no single person can alter or abuse a key?

Im just here to try understand why no changes have happened, now i have learned 
no one is maintaining the project anymore, its dead in the water. This gives me 
a totally new perspective now.

>"Busy body, inserting my self into this?"
Its an open source project so its reasonable when its users come asking 
questions or find bugs i think its fair to be able hold the maintainers to 
scrutiny or criticism and even challenge their actions. especially when people 
depend on the services.Especially when its holding their personal information!

From what i have gotten from all this is that the servers are nothing more than 
an overly complex immutable data storage system with numerous unfixed 
vulnerabilities that is no longer maintained, and poses financial and legal 
risk to the admins who run and support it, with no possible fixes in the 
foreseeable future?

>Like someone else said, we were all fine until you showed up.
it has not been fine, there's been years of complaints about how the servers 
work or to be more accurate don't. Admins having issues constantly and 
questions or calls for help simply ignored.  Now 2 more admins have complained 
and have not had a single response to their concerns. Once again very little to 
be heard kristian, i would like to see him address the concerns that Moritz 
Wirth and Fabian S have brought up.

Mike

On Thu, 15 Nov 2018 19:53:04 -0700
JD Erickson  wrote:

> I read the medium article - suffice it to say Mr. Mike seems to have a
> reading comprehension problem, because in the article he insists the
> keyserver network was intended to be resilient to attack (it is not, all of
> us who have been in the network for even a short time know it is not, and
> Kristian says it is not in his "interview" responses), and he also ignored
> 80% of the other stuff Kristian said in response to his questions. He seems
> to have failed to forward a draft of his medium article to Kristian for a
> "fact check" like he said he would, so on top of all that we have an
> element of dishonesty and deception.
> 
> What we have here is a busybody who just wants to assert themselves in some
> fashion. He has done so. Congratulations. You are a very impressive and
> important security professional, Mr. Mike, we are all enamored with you.
> 
> You aren't the first uninvited busybody to come in and screw with a project
> just to assert yourself, and I'm sure you won't be the last.
> 
> The inanity of people like you really leave a bad taste in my mouth for
> this stuff.
> 
> Like someone else said, we were all fine until you showed up. That must
> make you feel very important and validated. I'm happy for you.
> 
> On Thu, Nov 15, 2018 at 6:54 PM Ryan Hunt  wrote:
> 
> > On Nov 15, 2018, at 6:25 PM, Mike  wrote:
> >
> > So you are angry that i and a few others have reported several bugs, to a
> > system that *we would like to see continue to exist?*
> >
> > If there is no dev team,* then maybe its time to call it a day instead of
> > pretending everything is ok?*
> >
> >
> > You’d make an excellent politician with this superb ability to speak out
> > both ends, all while being incapable even coming up with solutions, let
> > alone implementing them.
> >
> > No one here has been pretending its okay, were just not willing to pack it
> > up and call it a day because of you say we should.. there’s literally no
> > chance someone’s going to read your articles and decide to volunteer the
> > time and energy to implementing a solution.. so really everything you’ve
> > done and all your doing is to the detriment of the key server network.. and
> > yet your surprised at the hostility you’ve found here?
> >
> > -Ryan
> >
> > On Thu, 15 Nov 2018 18:12:14 -0700
> > Ryan Hunt  wrote:
> >
> > Wait, you have the skillset to code attacks and spew articles yet, no
> > capability for solutions? Smells like ignorance is your forte.
> >
> > You seem to be under the impression that SKS has active developers working
> > on it, the reason the “dev team” is quiet as per your “articles” is there
> > is no friggin dev team, just some maintainers pushing merge requests from
> > people hacking it a bit here and there to fix major problems that can be
> > fixed and keep it compiling on modern systems.
> >
> > There is nobody actively interested in 

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[JD Erickson]

I read the medium article - suffice it to say Mr. Mike seems to have a
reading comprehension problem, because in the article he insists the
keyserver network was intended to be resilient to attack (it is not, all of
us who have been in the network for even a short time know it is not, and
Kristian says it is not in his "interview" responses), and he also ignored
80% of the other stuff Kristian said in response to his questions. He seems
to have failed to forward a draft of his medium article to Kristian for a
"fact check" like he said he would, so on top of all that we have an
element of dishonesty and deception.

What we have here is a busybody who just wants to assert themselves in some
fashion. He has done so. Congratulations. You are a very impressive and
important security professional, Mr. Mike, we are all enamored with you.

You aren't the first uninvited busybody to come in and screw with a project
just to assert yourself, and I'm sure you won't be the last.

The inanity of people like you really leave a bad taste in my mouth for
this stuff.

Like someone else said, we were all fine until you showed up. That must
make you feel very important and validated. I'm happy for you.

On Thu, Nov 15, 2018 at 6:54 PM Ryan Hunt  wrote:

> On Nov 15, 2018, at 6:25 PM, Mike  wrote:
>
> So you are angry that i and a few others have reported several bugs, to a
> system that *we would like to see continue to exist?*
>
> If there is no dev team,* then maybe its time to call it a day instead of
> pretending everything is ok?*
>
>
> You’d make an excellent politician with this superb ability to speak out
> both ends, all while being incapable even coming up with solutions, let
> alone implementing them.
>
> No one here has been pretending its okay, were just not willing to pack it
> up and call it a day because of you say we should.. there’s literally no
> chance someone’s going to read your articles and decide to volunteer the
> time and energy to implementing a solution.. so really everything you’ve
> done and all your doing is to the detriment of the key server network.. and
> yet your surprised at the hostility you’ve found here?
>
> -Ryan
>
> On Thu, 15 Nov 2018 18:12:14 -0700
> Ryan Hunt  wrote:
>
> Wait, you have the skillset to code attacks and spew articles yet, no
> capability for solutions? Smells like ignorance is your forte.
>
> You seem to be under the impression that SKS has active developers working
> on it, the reason the “dev team” is quiet as per your “articles” is there
> is no friggin dev team, just some maintainers pushing merge requests from
> people hacking it a bit here and there to fix major problems that can be
> fixed and keep it compiling on modern systems.
>
> There is nobody actively interested in the development required to
> re-archectect the SKS backend and infrastructure that had been running fine
> for a few decades now.. until you came along and made a big stink.. If you
> have a proposal for a new way of doing things, we’re all dying to hear it.
>
> -Ryan
>
>
> On Nov 15, 2018, at 6:01 PM, Mike  wrote:
>
> If i had the skill set needed to submit patches i would, but i don't.
> But i do have a voice and that can be used to spur on change.
>
> I wrote the articles because there is a clear ignorance here that your
> displaying really well, which is preventing things from getting fixed. Your
> clearly angry and not interested in resolving this issue through
> discussion. That ignorance is going to harm admins as Moritz Wirth and
> Fabian points out.
>
> Can you say there's no risk to admins financially and legally, because of
> the poor design of the servers or do they work just fine and they have
> nothing to worry about?
>
> If performing as designed means:
> failing to deal with oversized keys and chewing up bandwidth and CPU
> cycles and causing servers to stop responding or the web interface to
> freeze or spit out garbage is a feature then ok.
> or network instability then ok.
>
> Mike :)
>
> and if calling people children and being generally insulting is your thing
> your not really being constructive with this!
>
>
> On Fri, 16 Nov 2018 08:45:06 +0800
> Matthew Walster mailto:dotwaf...@gmail.com
> >> wrote:
>
> On Fri, 16 Nov 2018, 08:36 Mike 
> Your welcome to blame others for the servers issues.
>
> I and others have pointed out many times over the issues and no one has
> fixed them.
> Rather than blame me, take responsibility for the servers failings, for
> the developers failings.
>
>
> You are more than welcome to submit patches (or even ideas for patches) if
> you want to help improve things. Screaming blue murder helps no-one.
>
> Decent and good developers take bugs and fix them and ensure the ongoing
>
> survival of their software, not blame them on the people who found them and
> exposed them!
>
>
> The software is not broken. It is performing as designed. The same
> side-effects are present in Bitcoin but I don't see you making deranged
> comments about that...
>

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Ryan Hunt]

I’ve been contributing to those discussions and helping come up with those 
solutions your referencing, not beating on drums.. everyone here knows what the 
issues are and everyone has been honest about em, this entire mailer’s history 
is free to review and nobody has been hiding anything.. I just passed a decade 
subscribed to this mailing list.. Despite all the discussions that have taken 
place, you keep ringing the bell over and over with your cute little blog.

Right now I’m drafting up a replacement solution and might POC some code for a 
future proposal if I manage to find the time.. because I’ve got experience and 
solutions, just not a lot of free time to implement a project this complex.. so 
if everyone here is going to depend on me for development, well its not going 
to get very far.. but mebe I can get something off the ground in a modular 
framework that more people can work with than the existing codebase.

Your other projects do not address the role of the SKS network, there is a need 
for a distributed list of keys.. for example a friend I grew up with now 
maintains architectural software builds for a popular Linux distribution, he 
needs to validate signatures of keys completely automated and in high volume 
coming from disperse projects and upstream sources.. We run a key server just 
for this task so he’s not hammering and abusing other key keyservers.. he needs 
to federate with a decentralized dataset or all that automation starts 
breaking… He also dont have any need to concern him self with GDPR or 
nonsensical keys or copyrighted material since its only his build environments 
that is accessing them. 

-Ryan

> On Nov 15, 2018, at 7:07 PM, stuff  wrote:
> 
> I think at least a warning should be given to the admins so they understand 
> the full legal risks of running a keyserver.
> 
> as far as solutions once again ive actually pointed out that people in the 
> comminity have already come up with solutions so i dont see the need to 
> iterate over the same ideas, i actually link to one post in one of my 
> articles about solutions on here. ive also reeferenced other projects. so i 
> have contributed some solutions and pointed out better ones by others.
> 
> i also dont think its needed to be insulting in a debate, its not 
> constructive.
> 
> What have you done to try and change things Ryan?
> 
> On Thu, 15 Nov 2018 18:53:30 -0700
> Ryan Hunt mailto:ad...@nayr.net>> wrote:
> 
>> 
>> 
>>> On Nov 15, 2018, at 6:25 PM, Mike  wrote:
>>> 
>>> So you are angry that i and a few others have reported several bugs, to a 
>>> system that we would like to see continue to exist?
>>> 
>>> If there is no dev team, then maybe its time to call it a day instead of 
>>> pretending everything is ok?
>>> 
>> 
>> You’d make an excellent politician with this superb ability to speak out 
>> both ends, all while being incapable even coming up with solutions, let 
>> alone implementing them.
>> 
>> No one here has been pretending its okay, were just not willing to pack it 
>> up and call it a day because of you say we should.. there’s literally no 
>> chance someone’s going to read your articles and decide to volunteer the 
>> time and energy to implementing a solution.. so really everything you’ve 
>> done and all your doing is to the detriment of the key server network.. and 
>> yet your surprised at the hostility you’ve found here? 
>> 
>> -Ryan
>> 
>>> On Thu, 15 Nov 2018 18:12:14 -0700
>>> Ryan Hunt mailto:ad...@nayr.net> >> >> wrote:
>>> 
 Wait, you have the skillset to code attacks and spew articles yet, no 
 capability for solutions? Smells like ignorance is your forte.
 
 You seem to be under the impression that SKS has active developers working 
 on it, the reason the “dev team” is quiet as per your “articles” is there 
 is no friggin dev team, just some maintainers pushing merge requests from 
 people hacking it a bit here and there to fix major problems that can be 
 fixed and keep it compiling on modern systems.
 
 There is nobody actively interested in the development required to 
 re-archectect the SKS backend and infrastructure that had been running 
 fine for a few decades now.. until you came along and made a big stink.. 
 If you have a proposal for a new way of doing things, we’re all dying to 
 hear it.
 
 -Ryan
 
 
> On Nov 15, 2018, at 6:01 PM, Mike  > wrote:
> 
> If i had the skill set needed to submit patches i would, but i don't.
> But i do have a voice and that can be used to spur on change.
> 
> I wrote the articles because there is a clear ignorance here that your 
> displaying really well, which is preventing things from getting fixed. 
> Your clearly angry and not interested in resolving this issue through 
> discussion. That ignorance is going to harm admins as Moritz Wirth and 
> 

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Ryan Hunt]

> On Nov 15, 2018, at 6:25 PM, Mike  wrote:
> 
> So you are angry that i and a few others have reported several bugs, to a 
> system that we would like to see continue to exist?
> 
> If there is no dev team, then maybe its time to call it a day instead of 
> pretending everything is ok?
> 

You’d make an excellent politician with this superb ability to speak out both 
ends, all while being incapable even coming up with solutions, let alone 
implementing them.

No one here has been pretending its okay, were just not willing to pack it up 
and call it a day because of you say we should.. there’s literally no chance 
someone’s going to read your articles and decide to volunteer the time and 
energy to implementing a solution.. so really everything you’ve done and all 
your doing is to the detriment of the key server network.. and yet your 
surprised at the hostility you’ve found here? 

-Ryan

> On Thu, 15 Nov 2018 18:12:14 -0700
> Ryan Hunt mailto:ad...@nayr.net>> wrote:
> 
>> Wait, you have the skillset to code attacks and spew articles yet, no 
>> capability for solutions? Smells like ignorance is your forte.
>> 
>> You seem to be under the impression that SKS has active developers working 
>> on it, the reason the “dev team” is quiet as per your “articles” is there is 
>> no friggin dev team, just some maintainers pushing merge requests from 
>> people hacking it a bit here and there to fix major problems that can be 
>> fixed and keep it compiling on modern systems.
>> 
>> There is nobody actively interested in the development required to 
>> re-archectect the SKS backend and infrastructure that had been running fine 
>> for a few decades now.. until you came along and made a big stink.. If you 
>> have a proposal for a new way of doing things, we’re all dying to hear it.
>> 
>> -Ryan
>> 
>> 
>>> On Nov 15, 2018, at 6:01 PM, Mike  wrote:
>>> 
>>> If i had the skill set needed to submit patches i would, but i don't.
>>> But i do have a voice and that can be used to spur on change.
>>> 
>>> I wrote the articles because there is a clear ignorance here that your 
>>> displaying really well, which is preventing things from getting fixed. Your 
>>> clearly angry and not interested in resolving this issue through 
>>> discussion. That ignorance is going to harm admins as Moritz Wirth and 
>>> Fabian points out.
>>> 
>>> Can you say there's no risk to admins financially and legally, because of 
>>> the poor design of the servers or do they work just fine and they have 
>>> nothing to worry about?
>>> 
>>> If performing as designed means: 
>>> failing to deal with oversized keys and chewing up bandwidth and CPU cycles 
>>> and causing servers to stop responding or the web interface to freeze or 
>>> spit out garbage is a feature then ok.
>>> or network instability then ok.
>>> 
>>> Mike :)
>>> 
>>> and if calling people children and being generally insulting is your thing 
>>> your not really being constructive with this!
>>> 
>>> 
>>> On Fri, 16 Nov 2018 08:45:06 +0800
>>> Matthew Walster mailto:dotwaf...@gmail.com> 
>>> >> wrote:
>>> 
 On Fri, 16 Nov 2018, 08:36 Mike >>>  wrote:
 
> Your welcome to blame others for the servers issues.
> 
> I and others have pointed out many times over the issues and no one has
> fixed them.
> Rather than blame me, take responsibility for the servers failings, for
> the developers failings.
> 
 
 You are more than welcome to submit patches (or even ideas for patches) if
 you want to help improve things. Screaming blue murder helps no-one.
 
 Decent and good developers take bugs and fix them and ensure the ongoing
> survival of their software, not blame them on the people who found them 
> and
> exposed them!
> 
 
 The software is not broken. It is performing as designed. The same
 side-effects are present in Bitcoin but I don't see you making deranged
 comments about that...
 
 Your basicly saying we should be able to have weak software and bad people
> shouldnt do bad things, thats not how the world works. Take some
> responsibility!!!
> 
 
 That's not what anyone is saying. What are you, 12 years old?
 
 And im not a journalist!
> 
 
 You wrote an article.
 
 M
 
> 
>>> 
>>> 
>>> -- 
>>> me mailto:st...@yakamo.org> >> >>
>>> 
>>> ___
>>> Sks-devel mailing list
>>> Sks-devel@nongnu.org  
>>> >
>>> https://lists.nongnu.org/mailman/listinfo/sks-devel 
>>>  
>>> >> >
> 
> 
> -- 
> me mailto:st...@yakamo.org>>

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Mike]

So you are angry that i and a few others have reported several bugs, to a 
system that we would like to see continue to exist?

It isn't an attack its a proof of concept to show that malicious people could 
do damage, this is to get a point across to prove there's an issue in hope 
someone fixes it as it has been ignored for years, im not the only one to write 
a proof of concept for the same issue. Yegor wrote a very very effect PoC and 
was ignored as well when he submitted the bug.

Should i or others not submit bugs that could be detrimental to the functioning 
of the network to get fixed, because this approach is very off putting. I guess 
people might think twice about reporting a bug to you!

And the PoC i wrote is pretty simple, in fact it can be made far more simple 
and dangerous, with little effort from someone with real coding skills!

And i have previously pointed out alternate solutions in a previous article, 
for example Keybase.io, i am not a fan but its certainly proving to be a way 
better option at the moment, and people are using it instead of the keyservers, 
or storing the keys on github or their website. 

If there is no dev team, then maybe its time to call it a day instead of 
pretending everything is ok?


On Thu, 15 Nov 2018 18:12:14 -0700
Ryan Hunt  wrote:

> Wait, you have the skillset to code attacks and spew articles yet, no 
> capability for solutions? Smells like ignorance is your forte.
> 
> You seem to be under the impression that SKS has active developers working on 
> it, the reason the “dev team” is quiet as per your “articles” is there is no 
> friggin dev team, just some maintainers pushing merge requests from people 
> hacking it a bit here and there to fix major problems that can be fixed and 
> keep it compiling on modern systems.
> 
> There is nobody actively interested in the development required to 
> re-archectect the SKS backend and infrastructure that had been running fine 
> for a few decades now.. until you came along and made a big stink.. If you 
> have a proposal for a new way of doing things, we’re all dying to hear it.
> 
> -Ryan
> 
> 
> > On Nov 15, 2018, at 6:01 PM, Mike  wrote:
> > 
> > If i had the skill set needed to submit patches i would, but i don't.
> > But i do have a voice and that can be used to spur on change.
> > 
> > I wrote the articles because there is a clear ignorance here that your 
> > displaying really well, which is preventing things from getting fixed. Your 
> > clearly angry and not interested in resolving this issue through 
> > discussion. That ignorance is going to harm admins as Moritz Wirth and 
> > Fabian points out.
> > 
> > Can you say there's no risk to admins financially and legally, because of 
> > the poor design of the servers or do they work just fine and they have 
> > nothing to worry about?
> > 
> > If performing as designed means: 
> > failing to deal with oversized keys and chewing up bandwidth and CPU cycles 
> > and causing servers to stop responding or the web interface to freeze or 
> > spit out garbage is a feature then ok.
> > or network instability then ok.
> > 
> > Mike :)
> > 
> > and if calling people children and being generally insulting is your thing 
> > your not really being constructive with this!
> > 
> > 
> > On Fri, 16 Nov 2018 08:45:06 +0800
> > Matthew Walster mailto:dotwaf...@gmail.com>> wrote:
> > 
> >> On Fri, 16 Nov 2018, 08:36 Mike  >> 
> >>> Your welcome to blame others for the servers issues.
> >>> 
> >>> I and others have pointed out many times over the issues and no one has
> >>> fixed them.
> >>> Rather than blame me, take responsibility for the servers failings, for
> >>> the developers failings.
> >>> 
> >> 
> >> You are more than welcome to submit patches (or even ideas for patches) if
> >> you want to help improve things. Screaming blue murder helps no-one.
> >> 
> >> Decent and good developers take bugs and fix them and ensure the ongoing
> >>> survival of their software, not blame them on the people who found them 
> >>> and
> >>> exposed them!
> >>> 
> >> 
> >> The software is not broken. It is performing as designed. The same
> >> side-effects are present in Bitcoin but I don't see you making deranged
> >> comments about that...
> >> 
> >> Your basicly saying we should be able to have weak software and bad people
> >>> shouldnt do bad things, thats not how the world works. Take some
> >>> responsibility!!!
> >>> 
> >> 
> >> That's not what anyone is saying. What are you, 12 years old?
> >> 
> >> And im not a journalist!
> >>> 
> >> 
> >> You wrote an article.
> >> 
> >> M
> >> 
> >>> 
> > 
> > 
> > -- 
> > me mailto:st...@yakamo.org>>
> > 
> > ___
> > Sks-devel mailing list
> > Sks-devel@nongnu.org 
> > https://lists.nongnu.org/mailman/listinfo/sks-devel 
> > 


-- 
me 

___
Sks-devel mailing list

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Ryan Hunt]

Wait, you have the skillset to code attacks and spew articles yet, no 
capability for solutions? Smells like ignorance is your forte.

You seem to be under the impression that SKS has active developers working on 
it, the reason the “dev team” is quiet as per your “articles” is there is no 
friggin dev team, just some maintainers pushing merge requests from people 
hacking it a bit here and there to fix major problems that can be fixed and 
keep it compiling on modern systems.

There is nobody actively interested in the development required to 
re-archectect the SKS backend and infrastructure that had been running fine for 
a few decades now.. until you came along and made a big stink.. If you have a 
proposal for a new way of doing things, we’re all dying to hear it.

-Ryan


> On Nov 15, 2018, at 6:01 PM, Mike  wrote:
> 
> If i had the skill set needed to submit patches i would, but i don't.
> But i do have a voice and that can be used to spur on change.
> 
> I wrote the articles because there is a clear ignorance here that your 
> displaying really well, which is preventing things from getting fixed. Your 
> clearly angry and not interested in resolving this issue through discussion. 
> That ignorance is going to harm admins as Moritz Wirth and Fabian points out.
> 
> Can you say there's no risk to admins financially and legally, because of the 
> poor design of the servers or do they work just fine and they have nothing to 
> worry about?
> 
> If performing as designed means: 
> failing to deal with oversized keys and chewing up bandwidth and CPU cycles 
> and causing servers to stop responding or the web interface to freeze or spit 
> out garbage is a feature then ok.
> or network instability then ok.
> 
> Mike :)
> 
> and if calling people children and being generally insulting is your thing 
> your not really being constructive with this!
> 
> 
> On Fri, 16 Nov 2018 08:45:06 +0800
> Matthew Walster mailto:dotwaf...@gmail.com>> wrote:
> 
>> On Fri, 16 Nov 2018, 08:36 Mike > 
>>> Your welcome to blame others for the servers issues.
>>> 
>>> I and others have pointed out many times over the issues and no one has
>>> fixed them.
>>> Rather than blame me, take responsibility for the servers failings, for
>>> the developers failings.
>>> 
>> 
>> You are more than welcome to submit patches (or even ideas for patches) if
>> you want to help improve things. Screaming blue murder helps no-one.
>> 
>> Decent and good developers take bugs and fix them and ensure the ongoing
>>> survival of their software, not blame them on the people who found them and
>>> exposed them!
>>> 
>> 
>> The software is not broken. It is performing as designed. The same
>> side-effects are present in Bitcoin but I don't see you making deranged
>> comments about that...
>> 
>> Your basicly saying we should be able to have weak software and bad people
>>> shouldnt do bad things, thats not how the world works. Take some
>>> responsibility!!!
>>> 
>> 
>> That's not what anyone is saying. What are you, 12 years old?
>> 
>> And im not a journalist!
>>> 
>> 
>> You wrote an article.
>> 
>> M
>> 
>>> 
> 
> 
> -- 
> me mailto:st...@yakamo.org>>
> 
> ___
> Sks-devel mailing list
> Sks-devel@nongnu.org 
> https://lists.nongnu.org/mailman/listinfo/sks-devel 
> 
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Mike]

And there goes the ignorance!

On Fri, 16 Nov 2018 09:08:02 +0800
Matthew Walster  wrote:

> On Fri, 16 Nov 2018, 09:01 Mike  
> > If i had the skill set needed to submit patches i would, but i don't.
> > But i do have a voice and that can be used to spur on change.
> >
> 
> 
> 
> Good lord, Kristian, you have to deal with these people on a regular basis?
> 
> I haven't been part of the pool in quite a while now, but feel free to stop
> in for a beer if you're ever in Amsterdam ;)
> 
> M
> 
> >


-- 
me 

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Matthew Walster]

On Fri, 16 Nov 2018, 09:01 Mike  If i had the skill set needed to submit patches i would, but i don't.
> But i do have a voice and that can be used to spur on change.
>



Good lord, Kristian, you have to deal with these people on a regular basis?

I haven't been part of the pool in quite a while now, but feel free to stop
in for a beer if you're ever in Amsterdam ;)

M

>
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Mike]

If i had the skill set needed to submit patches i would, but i don't.
But i do have a voice and that can be used to spur on change.

I wrote the articles because there is a clear ignorance here that your 
displaying really well, which is preventing things from getting fixed. Your 
clearly angry and not interested in resolving this issue through discussion. 
That ignorance is going to harm admins as Moritz Wirth and Fabian points out.

Can you say there's no risk to admins financially and legally, because of the 
poor design of the servers or do they work just fine and they have nothing to 
worry about?

If performing as designed means: 
failing to deal with oversized keys and chewing up bandwidth and CPU cycles and 
causing servers to stop responding or the web interface to freeze or spit out 
garbage is a feature then ok.
or network instability then ok.

Mike :)

and if calling people children and being generally insulting is your thing your 
not really being constructive with this!


On Fri, 16 Nov 2018 08:45:06 +0800
Matthew Walster  wrote:

> On Fri, 16 Nov 2018, 08:36 Mike  
> > Your welcome to blame others for the servers issues.
> >
> > I and others have pointed out many times over the issues and no one has
> > fixed them.
> > Rather than blame me, take responsibility for the servers failings, for
> > the developers failings.
> >
> 
> You are more than welcome to submit patches (or even ideas for patches) if
> you want to help improve things. Screaming blue murder helps no-one.
> 
> Decent and good developers take bugs and fix them and ensure the ongoing
> > survival of their software, not blame them on the people who found them and
> > exposed them!
> >
> 
> The software is not broken. It is performing as designed. The same
> side-effects are present in Bitcoin but I don't see you making deranged
> comments about that...
> 
> Your basicly saying we should be able to have weak software and bad people
> > shouldnt do bad things, thats not how the world works. Take some
> > responsibility!!!
> >
> 
> That's not what anyone is saying. What are you, 12 years old?
> 
> And im not a journalist!
> >
> 
> You wrote an article.
> 
> M
> 
> >


-- 
me 

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Matthew Walster]

On Fri, 16 Nov 2018, 08:36 Mike  Your welcome to blame others for the servers issues.
>
> I and others have pointed out many times over the issues and no one has
> fixed them.
> Rather than blame me, take responsibility for the servers failings, for
> the developers failings.
>

You are more than welcome to submit patches (or even ideas for patches) if
you want to help improve things. Screaming blue murder helps no-one.

Decent and good developers take bugs and fix them and ensure the ongoing
> survival of their software, not blame them on the people who found them and
> exposed them!
>

The software is not broken. It is performing as designed. The same
side-effects are present in Bitcoin but I don't see you making deranged
comments about that...

Your basicly saying we should be able to have weak software and bad people
> shouldnt do bad things, thats not how the world works. Take some
> responsibility!!!
>

That's not what anyone is saying. What are you, 12 years old?

And im not a journalist!
>

You wrote an article.

M

>
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Moritz Wirth]

Also some personal words - this is not meant to judge or criticize
anyone but rather to express my own feelings and opinions about SKS
within the last months.

- The fact that most (all?) vulnerabilities inside SKS are known for a
very long time and have not been fixed is deeply concerning - for
example I really don't see any reason how a reasonable size limit of a
single key would have censored anybody - but it would have prevented
many keyservers from constantly becoming unresponsive as well as high
traffic and resource consumption (we spent 2.4 TB on peering over the
last 2 months). Just ignoring it because it still works somehow is
frustrating at best and desasterours at worst.
- GDPR is not really a new thing and it was already in place 2 years
before it actually became relevant. Instead of waiting until someone
uploads data relevant enough to get it removeed by a court, a simple
remove list would not have been a big deal.
- keys.flanga.io got kicked out of the pool around 3-4 months ago - the
initial response to this was about some missing Header files - my
request to check again was simply not answered. As I found out, it was
excluded due to "unrecognized server version" - it is true that we were
running our own implementation for a while - however this was not the
case for keys.flanga.io. Kicking it out is one thing (and comitting that
change 2 months later so I was finally able to see why), not responding
instead of resolving the issue is another - but no offense (we all
forget things :) ).
- Though SKS keyservers are not meant to be trusted, people still trust
in the reliability of it as a service. Therefore, it should be operated
and handled in that way - a roundrobin that is checked and updated every
hour when all 5 keyservers can be killed within seconds is not something
that I would consider reliable.

Best Regards,

Am 16.11.18 um 00:59 schrieb Mike:
> Moritz you did the right thing!
>
> A lot of people consider the GDPR crappy only because it inconveniences them.
> This law is actually extremely useful and greatly overdue.
>
>
> On Fri, 16 Nov 2018 00:50:31 +0100
> Moritz Wirth  wrote:
>
>> I asked to be allowed to share some more details, however the request
>> was to remove/prevent indexing of 2 keys stored on our keyservers -
>> including copies of ID's to verify the request as required by the
>> european data protection law. Since it is not possible to prevent the
>> indexing of data, I think the only possible way to handle this request
>> is to shut them down. I don't see a reason to fight this - it is the
>> right of someone to get his/her data removed so we are required to do
>> this regardless of how crappy that law might be. If someone decides to
>> ignore it, it's up on them.
>>
>> Am 16.11.18 um 00:31 schrieb Mike:
>>
>>> Fabian, im sure you can tell that nothings going to change :(
>>>
>>> But maybe these shutdowns in protest will provoke change, before its too 
>>> late?
>>>
>>> On Thu, 15 Nov 2018 23:23:43 +
>>> "Fabian A. Santiago"  wrote:
>>>
 Wow! I’d love to see that as well.

 I just saw Kristian’s post with his email exchange. It’s a shame the 
 situation is going down like this. I do hope a proper solution can be 
 found so I and hopefully others can return to contributing to the network, 
 should the mode of operation dictate and stay this way.

 --

 Thanks,

 Fabian S.

 OpenPGP:

 0x643082042DC83E6D94B86C405E3DAA18A1C22D8F

 On Thu, Nov 15, 2018 at 5:58 PM, Georg Faerber  wrote:

> Hi,
>
> On 18-11-15 23:56:07, Moritz Wirth wrote:
>> keys.flanga.io will cease operation - we received a request to remove
>> some keys and since we are unable to do this, we will shutdown all
>> keyservers and erase all relevant databases immediately.
> Would it be possible to share this request, omitting sensitive details?
>
> Cheers,
> Georg
>


___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Mike]

Your welcome to blame others for the servers issues.

I and others have pointed out many times over the issues and no one has fixed 
them.
Rather than blame me, take responsibility for the servers failings, for the 
developers failings.

Decent and good developers take bugs and fix them and ensure the ongoing 
survival of their software, not blame them on the people who found them and 
exposed them!

Your basicly saying we should be able to have weak software and bad people 
shouldnt do bad things, thats not how the world works. Take some 
responsibility!!!

And im not a journalist!

On Fri, 16 Nov 2018 08:30:08 +0800
Matthew Walster  wrote:

> On Fri, 16 Nov 2018, 08:09 Mike  
> > This has Been Kristians approach to previous issues like this, and this
> > has led to now. where the servers have not changed, that neglect now ruins
> > it for everyone else and even puts the admins at risk of financial and
> > legal damage, as you mentioned most cant afford to take that risk.
> >
> 
> Mike, to be clear, many of us are shutting down because of people like you,
> not actual problems.
> 
> You fundamentally do not understand what you are talking about, you are
> causing mischief just because it makes you feel important, and your
> "journalistic" style is abhorrent.
> 
> Almost all the problems that the SKS network has are far worse in any of
> the distributed Merkle-like cryptocurrencies or even systems like git or
> mercurial for that matter (though those aren't quite as automatic).
> 
> It is you and your ilk that has ruined this, and Kristian has been nothing
> but open, transparent, and patient with inquisitors, with little to no
> thanks in return.
> 
> M
> 
> >


-- 
me 

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Matthew Walster]

On Fri, 16 Nov 2018, 08:09 Mike  This has Been Kristians approach to previous issues like this, and this
> has led to now. where the servers have not changed, that neglect now ruins
> it for everyone else and even puts the admins at risk of financial and
> legal damage, as you mentioned most cant afford to take that risk.
>

Mike, to be clear, many of us are shutting down because of people like you,
not actual problems.

You fundamentally do not understand what you are talking about, you are
causing mischief just because it makes you feel important, and your
"journalistic" style is abhorrent.

Almost all the problems that the SKS network has are far worse in any of
the distributed Merkle-like cryptocurrencies or even systems like git or
mercurial for that matter (though those aren't quite as automatic).

It is you and your ilk that has ruined this, and Kristian has been nothing
but open, transparent, and patient with inquisitors, with little to no
thanks in return.

M

>
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Mike]

This has Been Kristians approach to previous issues like this, and this has led 
to now. where the servers have not changed, that neglect now ruins it for 
everyone else and even puts the admins at risk of financial and legal damage, 
as you mentioned most cant afford to take that risk.

yakamo

On Thu, 15 Nov 2018 23:56:26 +
"Fabian A. Santiago"  wrote:

> Yeh I don’t agree with the stance “we haven’t seen a shutdown via legal 
> challenge yet so I’m happy to just hang and wait and see what happens...”. 
> Sorry but many people running keyservers aren’t businesses but rather private 
> individuals and can not afford to risk ANY possible legal action. Once you 
> hear from an attorney, the stakes go up and that’s too much a risk to bear.
> 
> --
> 
> Thanks,
> 
> Fabian S.
> 
> OpenPGP:
> 
> 0x643082042DC83E6D94B86C405E3DAA18A1C22D8F
> 
> On Thu, Nov 15, 2018 at 6:50 PM, Moritz Wirth  wrote:
> 
> > I asked to be allowed to share some more details, however the request
> > was to remove/prevent indexing of 2 keys stored on our keyservers -
> > including copies of ID's to verify the request as required by the
> > european data protection law. Since it is not possible to prevent the
> > indexing of data, I think the only possible way to handle this request
> > is to shut them down. I don't see a reason to fight this - it is the
> > right of someone to get his/her data removed so we are required to do
> > this regardless of how crappy that law might be. If someone decides to
> > ignore it, it's up on them.
> >
> > Am 16.11.18 um 00:31 schrieb Mike:
> >
> >> Fabian, im sure you can tell that nothings going to change :(
> >>
> >> But maybe these shutdowns in protest will provoke change, before its to=
> > o late?
> >>
> >> On Thu, 15 Nov 2018 23:23:43 +
> >> "Fabian A. Santiago"  wrote:
> >>
> >>> Wow! I=E2=80=99d love to see that as well.
> >>>
> >>> I just saw Kristian=E2=80=99s post with his email exchange. It=E2=80=99=
> > s a shame the situation is going down like this. I do hope a proper solut=
> > ion can be found so I and hopefully others can return to contributing to =
> > the network, should the mode of operation dictate and stay this way.
> >>>
> >>> --
> >>>
> >>> Thanks,
> >>>
> >>> Fabian S.
> >>>
> >>> OpenPGP:
> >>>
> >>> 0x643082042DC83E6D94B86C405E3DAA18A1C22D8F
> >>>
> >>> On Thu, Nov 15, 2018 at 5:58 PM, Georg Faerber  wrot=
> > e:
> >>>
>  Hi,
> 
>  On 18-11-15 23:56:07, Moritz Wirth wrote:
> > keys.flanga.io will cease operation - we received a request to remov=
> > e
> > some keys and since we are unable to do this, we will shutdown all
> > keyservers and erase all relevant databases immediately.
>  Would it be possible to share this request, omitting sensitive detail=
> > s?
> 
>  Cheers,
>  Georg

-- 
me 

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Mike]

Moritz you did the right thing!

A lot of people consider the GDPR crappy only because it inconveniences them.
This law is actually extremely useful and greatly overdue.


On Fri, 16 Nov 2018 00:50:31 +0100
Moritz Wirth  wrote:

> I asked to be allowed to share some more details, however the request
> was to remove/prevent indexing of 2 keys stored on our keyservers -
> including copies of ID's to verify the request as required by the
> european data protection law. Since it is not possible to prevent the
> indexing of data, I think the only possible way to handle this request
> is to shut them down. I don't see a reason to fight this - it is the
> right of someone to get his/her data removed so we are required to do
> this regardless of how crappy that law might be. If someone decides to
> ignore it, it's up on them.
> 
> Am 16.11.18 um 00:31 schrieb Mike:
> 
> > Fabian, im sure you can tell that nothings going to change :(
> >
> > But maybe these shutdowns in protest will provoke change, before its too 
> > late?
> >
> > On Thu, 15 Nov 2018 23:23:43 +
> > "Fabian A. Santiago"  wrote:
> >
> >> Wow! I’d love to see that as well.
> >>
> >> I just saw Kristian’s post with his email exchange. It’s a shame the 
> >> situation is going down like this. I do hope a proper solution can be 
> >> found so I and hopefully others can return to contributing to the network, 
> >> should the mode of operation dictate and stay this way.
> >>
> >> --
> >>
> >> Thanks,
> >>
> >> Fabian S.
> >>
> >> OpenPGP:
> >>
> >> 0x643082042DC83E6D94B86C405E3DAA18A1C22D8F
> >>
> >> On Thu, Nov 15, 2018 at 5:58 PM, Georg Faerber  wrote:
> >>
> >>> Hi,
> >>>
> >>> On 18-11-15 23:56:07, Moritz Wirth wrote:
>  keys.flanga.io will cease operation - we received a request to remove
>  some keys and since we are unable to do this, we will shutdown all
>  keyservers and erase all relevant databases immediately.
> >>> Would it be possible to share this request, omitting sensitive details?
> >>>
> >>> Cheers,
> >>> Georg
> 


-- 
me 

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Fabian A. Santiago]

Yeh I don’t agree with the stance “we haven’t seen a shutdown via legal 
challenge yet so I’m happy to just hang and wait and see what happens...”. 
Sorry but many people running keyservers aren’t businesses but rather private 
individuals and can not afford to risk ANY possible legal action. Once you hear 
from an attorney, the stakes go up and that’s too much a risk to bear.

--

Thanks,

Fabian S.

OpenPGP:

0x643082042DC83E6D94B86C405E3DAA18A1C22D8F

On Thu, Nov 15, 2018 at 6:50 PM, Moritz Wirth  wrote:

> I asked to be allowed to share some more details, however the request
> was to remove/prevent indexing of 2 keys stored on our keyservers -
> including copies of ID's to verify the request as required by the
> european data protection law. Since it is not possible to prevent the
> indexing of data, I think the only possible way to handle this request
> is to shut them down. I don't see a reason to fight this - it is the
> right of someone to get his/her data removed so we are required to do
> this regardless of how crappy that law might be. If someone decides to
> ignore it, it's up on them.
>
> Am 16.11.18 um 00:31 schrieb Mike:
>
>> Fabian, im sure you can tell that nothings going to change :(
>>
>> But maybe these shutdowns in protest will provoke change, before its to=
> o late?
>>
>> On Thu, 15 Nov 2018 23:23:43 +
>> "Fabian A. Santiago"  wrote:
>>
>>> Wow! I=E2=80=99d love to see that as well.
>>>
>>> I just saw Kristian=E2=80=99s post with his email exchange. It=E2=80=99=
> s a shame the situation is going down like this. I do hope a proper solut=
> ion can be found so I and hopefully others can return to contributing to =
> the network, should the mode of operation dictate and stay this way.
>>>
>>> --
>>>
>>> Thanks,
>>>
>>> Fabian S.
>>>
>>> OpenPGP:
>>>
>>> 0x643082042DC83E6D94B86C405E3DAA18A1C22D8F
>>>
>>> On Thu, Nov 15, 2018 at 5:58 PM, Georg Faerber  wrot=
> e:
>>>
 Hi,

 On 18-11-15 23:56:07, Moritz Wirth wrote:
> keys.flanga.io will cease operation - we received a request to remov=
> e
> some keys and since we are unable to do this, we will shutdown all
> keyservers and erase all relevant databases immediately.
 Would it be possible to share this request, omitting sensitive detail=
> s?

 Cheers,
 Georg___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Moritz Wirth]

I asked to be allowed to share some more details, however the request
was to remove/prevent indexing of 2 keys stored on our keyservers -
including copies of ID's to verify the request as required by the
european data protection law. Since it is not possible to prevent the
indexing of data, I think the only possible way to handle this request
is to shut them down. I don't see a reason to fight this - it is the
right of someone to get his/her data removed so we are required to do
this regardless of how crappy that law might be. If someone decides to
ignore it, it's up on them.

Am 16.11.18 um 00:31 schrieb Mike:

> Fabian, im sure you can tell that nothings going to change :(
>
> But maybe these shutdowns in protest will provoke change, before its too late?
>
> On Thu, 15 Nov 2018 23:23:43 +
> "Fabian A. Santiago"  wrote:
>
>> Wow! I’d love to see that as well.
>>
>> I just saw Kristian’s post with his email exchange. It’s a shame the 
>> situation is going down like this. I do hope a proper solution can be found 
>> so I and hopefully others can return to contributing to the network, should 
>> the mode of operation dictate and stay this way.
>>
>> --
>>
>> Thanks,
>>
>> Fabian S.
>>
>> OpenPGP:
>>
>> 0x643082042DC83E6D94B86C405E3DAA18A1C22D8F
>>
>> On Thu, Nov 15, 2018 at 5:58 PM, Georg Faerber  wrote:
>>
>>> Hi,
>>>
>>> On 18-11-15 23:56:07, Moritz Wirth wrote:
 keys.flanga.io will cease operation - we received a request to remove
 some keys and since we are unable to do this, we will shutdown all
 keyservers and erase all relevant databases immediately.
>>> Would it be possible to share this request, omitting sensitive details?
>>>
>>> Cheers,
>>> Georg



signature.asc
Description: OpenPGP digital signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Mike]

Actually a really simple copyright issue one of my friends had the missfortune 
to encounter was using an image that was copyrighted on his website, he didnt 
really understand how this works and ended up with a 5,000 euro fine that he 
legally could not get out of.

Now apply that to the sks keyservers, doesnt take much to figure out how 
horribly wrong that could go for an admin.
Because in the eyes of the law its the admin thats responsible!

On Fri, 16 Nov 2018 00:40:39 +0100
Mike  wrote:

> You seem to side step everytime. The keyserver software is broken, and isnt 
> being fixed, and is proving unstable.
> 
> You have gotten complaints from admins about it and some have shutdown their 
> servers because of it. 
> Why is nothing being done to fix these issues?
> 
> Each admin is legally at risk both from copyright material ending up on the 
> servers they run and the GDPR.
> 
> Do you recommend to just ignore this?
> 
> 
> On Fri, 16 Nov 2018 00:29:21 +0100
> Kristian Fiskerstrand  wrote:
> 
> > On 11/16/18 12:23 AM, Fabian A. Santiago wrote:
> > > Wow! I’d love to see that as well. 
> > > 
> > > I just saw Kristian’s post with his email exchange. It’s a shame the
> > > situation is going down like this. I do hope a proper solution can be
> > > found so I and hopefully others can return to contributing to the
> > > network, should the mode of operation dictate and stay this way.
> > 
> > sadly we've had this situation happening several times in the past as
> > well, the GDPR rules aren't actually novel in Europe. There is however a
> > lot of FUD involved in it, and the actual legal action for a keyserver
> > to be shut down has yet to be seen (in a non-voluntary basis). I'm happy
> > to stay up for a while until we see any actual legal challenge to it.
> > 
> > In any case, the discussions we've seen lately aren't really about
> > security; nor really about privacy; they are about argumentum ad hominem
> > against the operators of the traditional keyserver network, in favor of
> > alternative communication channels and in particular certificate
> > authorities in the form of "validating keyservers". I don't care much
> > for them for various reasons, but I also don't mind them being a part of
> > the ecosystem (as long as users understand their position).
> > 
> > -- 
> > 
> > Kristian Fiskerstrand
> > Blog: https://blog.sumptuouscapital.com
> > Twitter: @krifisk
> > 
> > Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
> > fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
> > 
> > "Expect the best. Prepare for the worst. Capitalize on what comes."
> > (Zig Ziglar)
> > 
> > ___
> > Sks-devel mailing list
> > Sks-devel@nongnu.org
> > https://lists.nongnu.org/mailman/listinfo/sks-devel
> 
> 
> -- 
> me 
> 
> ___
> Sks-devel mailing list
> Sks-devel@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/sks-devel


-- 
me 

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Mike]

You seem to side step everytime. The keyserver software is broken, and isnt 
being fixed, and is proving unstable.

You have gotten complaints from admins about it and some have shutdown their 
servers because of it. 
Why is nothing being done to fix these issues?

Each admin is legally at risk both from copyright material ending up on the 
servers they run and the GDPR.

Do you recommend to just ignore this?


On Fri, 16 Nov 2018 00:29:21 +0100
Kristian Fiskerstrand  wrote:

> On 11/16/18 12:23 AM, Fabian A. Santiago wrote:
> > Wow! I’d love to see that as well. 
> > 
> > I just saw Kristian’s post with his email exchange. It’s a shame the
> > situation is going down like this. I do hope a proper solution can be
> > found so I and hopefully others can return to contributing to the
> > network, should the mode of operation dictate and stay this way.
> 
> sadly we've had this situation happening several times in the past as
> well, the GDPR rules aren't actually novel in Europe. There is however a
> lot of FUD involved in it, and the actual legal action for a keyserver
> to be shut down has yet to be seen (in a non-voluntary basis). I'm happy
> to stay up for a while until we see any actual legal challenge to it.
> 
> In any case, the discussions we've seen lately aren't really about
> security; nor really about privacy; they are about argumentum ad hominem
> against the operators of the traditional keyserver network, in favor of
> alternative communication channels and in particular certificate
> authorities in the form of "validating keyservers". I don't care much
> for them for various reasons, but I also don't mind them being a part of
> the ecosystem (as long as users understand their position).
> 
> -- 
> 
> Kristian Fiskerstrand
> Blog: https://blog.sumptuouscapital.com
> Twitter: @krifisk
> 
> Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
> fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
> 
> "Expect the best. Prepare for the worst. Capitalize on what comes."
> (Zig Ziglar)
> 
> ___
> Sks-devel mailing list
> Sks-devel@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/sks-devel


-- 
me 

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Mike]

Fabian, im sure you can tell that nothings going to change :(

But maybe these shutdowns in protest will provoke change, before its too late?

On Thu, 15 Nov 2018 23:23:43 +
"Fabian A. Santiago"  wrote:

> Wow! I’d love to see that as well.
> 
> I just saw Kristian’s post with his email exchange. It’s a shame the 
> situation is going down like this. I do hope a proper solution can be found 
> so I and hopefully others can return to contributing to the network, should 
> the mode of operation dictate and stay this way.
> 
> --
> 
> Thanks,
> 
> Fabian S.
> 
> OpenPGP:
> 
> 0x643082042DC83E6D94B86C405E3DAA18A1C22D8F
> 
> On Thu, Nov 15, 2018 at 5:58 PM, Georg Faerber  wrote:
> 
> > Hi,
> >
> > On 18-11-15 23:56:07, Moritz Wirth wrote:
> >> keys.flanga.io will cease operation - we received a request to remove
> >> some keys and since we are unable to do this, we will shutdown all
> >> keyservers and erase all relevant databases immediately.
> >
> > Would it be possible to share this request, omitting sensitive details?
> >
> > Cheers,
> > Georg

-- 
me 

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

[Kristian Fiskerstrand]

On 11/16/18 12:23 AM, Fabian A. Santiago wrote:
> Wow! I’d love to see that as well. 
> 
> I just saw Kristian’s post with his email exchange. It’s a shame the
> situation is going down like this. I do hope a proper solution can be
> found so I and hopefully others can return to contributing to the
> network, should the mode of operation dictate and stay this way.

sadly we've had this situation happening several times in the past as
well, the GDPR rules aren't actually novel in Europe. There is however a
lot of FUD involved in it, and the actual legal action for a keyserver
to be shut down has yet to be seen (in a non-voluntary basis). I'm happy
to stay up for a while until we see any actual legal challenge to it.

In any case, the discussions we've seen lately aren't really about
security; nor really about privacy; they are about argumentum ad hominem
against the operators of the traditional keyserver network, in favor of
alternative communication channels and in particular certificate
authorities in the form of "validating keyservers". I don't care much
for them for various reasons, but I also don't mind them being a part of
the ecosystem (as long as users understand their position).

-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

"Expect the best. Prepare for the worst. Capitalize on what comes."
(Zig Ziglar)

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] Withdrawal of Service - keys.flanga.io

[Moritz Wirth]

Hello,

keys.flanga.io will cease operation - we received a request to remove
some keys and since we are unable to do this, we will shutdown all
keyservers and erase all relevant databases immediately.

Best Regards,

Moritz




signature.asc
Description: OpenPGP digital signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel