Re: sks.infcs.de online with hockeypuck server /// take down // Re: keyserver.insect.com GDRP takedown request

2022-06-15 Thread Ced
On Wed, 15 Jun 2022 13:33:04 +0200
Steffen Kaiser  wrote:

> On 30.05.22 22:09, Steffen Kaiser wrote:
> after some other issues and some testing of
> https://deb.cyberbits.eu/hockeypuck/, I'll give Hockeypuck a try.

Nice to see you find it helpful! Please let me know if you come across
any packaging issues. I only test it on Debian so I'm not sure if it
works properly on Ubuntu and derivatives.

> I have re-enabled the servers:
> 
> pgp.cyberbits.eu 11370
> [...]
> I will re-enable the other servers - maintainers are in BCC - on
> Monday as well, unless I get a negative feedback from a maintainer,
> in order to avoid sync'ing with a Hockeypuck server.

sks.infcs.de is still in my membership file so you should already be
able to sync from me. See
https://spider.pgpkeys.eu/sks-peers/peer-info?peer=pgp.cyberbits.eu for
more details.

Cheers




Re: sks.infcs.de online with hockeypuck server /// take down // Re: keyserver.insect.com GDRP takedown request

2022-06-15 Thread Skip Carter
Yes this server is down, too many frustrations with administering
hockeypuck.

On Wed, 2022-06-15 at 13:33 +0200, Steffen Kaiser wrote:
> 
> 
> 
> keyserver.taygeta.com 11370 (down?)
> 



-- 
Dr Everett (Skip) Carter  0x8176163B
s...@taygeta.com
Taygeta Scientific Inc
607 Charles Ave
Seaside CA 93955
831-641-0645 x103




sks.infcs.de online with hockeypuck server /// take down // Re: keyserver.insect.com GDRP takedown request

2022-06-15 Thread Steffen Kaiser
On 30.05.22 22:09, Steffen Kaiser wrote:

Dear list,

after some other issues and some testing of
https://deb.cyberbits.eu/hockeypuck/, I'll give Hockeypuck a try.

I have re-enabled the servers:

pgp.cyberbits.eu 11370
keyserver.dobrev.eu 11370 (down?)
sks.pgpkeys.eu 11370
keyserver.taygeta.com 11370 (down?)

because I tagged them as "hockeypuck".

I will re-enable the other servers - maintainers are in BCC - on Monday
as well, unless I get a negative feedback from a maintainer, in order
to avoid sync'ing with a Hockeypuck server.

Kind regards,

-- 
Steffen





Re: sks.infcs.de take down // Re: keyserver.insect.com GDRP takedown request

2022-05-30 Thread Andrew Gallagher


> On 30 May 2022, at 21:18, Steffen Kaiser  wrote:
> 
> On 2022-05-30 the stats are:
> new: 1326382    updated: 3113
> 
> so, the hockeypuck server updated 3113 keys from a SKS server, which
> cannot receive new key information?

There’s a known issue in hockeypuck where repeated recon can cause a key to be 
marked as modified even if no new information has been added. I haven’t been 
able to debug properly, but it shouldn’t significantly affect the normal 
operation of the server.

A


Re: sks.infcs.de take down // Re: keyserver.insect.com GDRP takedown request

2022-05-30 Thread Steffen Kaiser
On 28.05.22 17:06, Steffen Kaiser wrote:

> If there is no solution for keeping blacklisted keys out of the server
> space, I will not bring any server back into the pool.

Just an update:

I set up a hockeypuck server according to the info in this thread and let it
sync from an SKS server, a former pool member, but now offline. I do so
on purpose and do not want to load a dump.

On 2022-05-30 the stats are:
new: 1326382    updated: 3113

so, the hockeypuck server updated 3113 keys from a SKS server, which
cannot receive new key information?

Be it, looks good so far.

Kind regards,


-- 
Steffen





Re: sks.infcs.de take down // Re: keyserver.insect.com GDRP takedown request

2022-05-28 Thread Andrew Gallagher


> On 28 May 2022, at 16:08, Steffen Kaiser  wrote:
> 
> I didn't follow the thread right now, but if somebody has a hacked
> hockeypuck server (I do not know go at all), which does not download
> blacklisted keys, please send a link

Install hockeypuck 2.1.0 or later and follow Alexandre’s instructions from 
earlier in the thread. Blacklisting is now a feature. :-)

A


Re: keyserver.insect.com GDRP takedown request

2022-05-28 Thread Steffen Kaiser
On 27.05.22 12:03, Ced wrote:
> On Fri, 27 May 2022 10:47:02 +0200 (CEST)
> "Kiss Gabor (Bitman)"  wrote:
> 
>> IMHO Mr. Puerto must show some evidence first about the key to delete
>> belongs to him. Otherwise any impostor can make delete other guys'
>> key.
> 
> I thought the same thing and asked him (privately) to resend his request
> in a PGP-signed email, which he did, so this is legit.
> 

I did so, too. He responded to the mail address, which is "legit" enough
for me and for everybody who can order me around at this topic.

-- 
Steffen





sks.infcs.de take down // Re: keyserver.insect.com GDRP takedown request

2022-05-28 Thread Steffen Kaiser
On 26.05.22 22:53, Jason John Schwarz via SKS development and deployment
list wrote:

Hi everybody,

> We have received the same take down request from Mr. Puerto as several other
> keyservers under GDRP.
> As we are running keyserver.insect.com as a free service we can not afford to
> deal with legal costs on this request, and therefore are shutting down
> keyserver.insect.com effective today.

I got the removal request as well. Therefore I stopped my SKS servers
and removed the mentioned keys. The servers stay out of the pool or will
be deleted in some weeks, if I cannot handle the issue by removing the
keys and keep them out of my server space. No matter if/what/how a legal
case would end.

I didn't follow the thread right now, but if somebody has a hacked
hockeypuck server (I do not know go at all), which does not download
blacklisted keys, please send a link. Otherwise it will take some time
to read through.

If there is no solution for keeping blacklisted keys out of the server
space, I will not bring any server back into the pool.

The main problem on my site is, that most people use Thunderbird
nowadays and switched to https://keys.openpgp.org/about/usage . This
does not make me happy, because we have some scenarios, in which we do
not want to make external connections each time and/or use a local key
server for local only keys, which are merged with the pool locally.

Kind regards,

-- 
Steffen






Re: keyserver.insect.com GDRP takedown request

2022-05-27 Thread Andrew Gallagher

> On 27 May 2022, at 11:38, Marcel Waldvogel  
> wrote:
> 
>  (Not included here, as I do not want to be responsible for his personal 
> information to be archived by the list.)

Indeed. Please everyone refrain from identifying (or jigsaw-identifying [1]) 
any particular individuals on the list, as the list archives are public.

List moderators: is it possible to purge this particular thread from the 
archives before the spiders find it?

A

[1] https://wikispooks.com/wiki/Jigsaw_Identification




Re: keyserver.insect.com GDRP takedown request

2022-05-27 Thread Marcel Waldvogel
Thank you for the procedure.

For this specific user, he was helpful enough to include the keyids, so
it is somewhat easier:

- Run the following command to get the keyIds for the blacklist to add:
cat < fingerprints.txt | tr A-Z a-z | sed -e "s/^/'/" -e 's/$'"/'/" |
tr \\012 ,; echo

- Add them to the blacklist first (so they will not be resynced later)

- Restart the hockeypuck server to reread the config file

- Write the keyids to a file, "fingerprints.txt"

- Run the following command to get the rfingerprints
rev < fingerprints.txt | tr A-Z a-z | sed -e "s/^/'/" -e 's/$'"/'/" |
tr \\012 , | sed 's/.$//'; echo

- Run the following two SQL commands with  replaced by the
output of the above script
delete from subkeys where rfingerprint in ();
delete from keys where rfingerprint in ();

The SQL command for this user (including his keyIDs) will be available
for 30 days at https://onice.ch/s/46SJq9ELM9fnHgw . (Not included here,
as I do not want to be responsible for his personal information to be
archived by the list.)

-Marcel

Am Freitag, dem 27.05.2022 um 06:48 +0200 schrieb Alexandre Dulaunoy:
> Hi All,
> 
> Hockeypuck supports blacklists (from version 2.1.0) when you can list
> all the fingerprint keys you want to avoid being synced.
> 
> In addition, you can delete the keys from Hockeypuck (PostgreSQL
> database). 
> 
> A key can be deleted from the SQL database in the following way:
> 
> - Query the pks interface for the offending key, get the hash
> fingerprint from Hockeypuck;
> 
> - Connect to Postgresql via psql
> 
> - select rfingerprint from keys where md5 in ();
> 
> - The returned rfingerprint can be used to delete the
> subkeys
> delete from subkeys where rfingerprint in ();
> - When all subkeys are deleted.
> - delete from keys where md5 in ()
> Don't forget to add the key in blacklist:
> [hockeypuck.openpgp]
> blacklist=[
>   "KEYFINGERPRINT"]
> I hope this helps.
> 
> Blacklists -> https://github.com/hockeypuck/hockeypuck/releases
> 
> On Fri, May 27, 2022 at 6:09 AM Allen Zhong  wrote:
> > Maybe it would be possible for the server to maintain some sort of
> > a 
> > "block list" and reject to receive those keys in the list and also
> > not 
> > returning them to the client? I think that's possible but as it
> > requires 
> > changes of the server software (hockeypuck and sks-server, etc.)
> > it's 
> > not likely to be a quick one.
> > 
> > On 2022/5/27 11:01, Ced wrote:
> > > If anyone has an idea to prevent the collapse of the few
> > remaining SKS
> > > keyservers, please let us know otherwise we'll have to take down
> > our
> > > server too pretty soon :(
> 
> 
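
The steps in Marcel's message and the procedure quoted from Alexandre, combined into one script as an added example (not code from the thread or from the Hockeypuck project). The function names are made up here; the table and column names, the config keys and the reversed-fingerprint form are the ones shown in the messages, and the input validation and the transaction around the deletes are additions.

```shell
#!/bin/sh
# Added example (not from the thread): one validated fingerprint list feeds
# both the Hockeypuck blacklist and the PostgreSQL cleanup.

# Read fingerprints on stdin, one per line. Spaces and upper case are
# accepted; anything that is not exactly 40 hex digits aborts with status 1
# and prints nothing, so a typo never reaches the config or a DELETE.
normalize_fps() {
    awk '
        { raw = $0; gsub(/[ \t\r]/, ""); fp = tolower($0) }
        fp == "" { next }
        length(fp) != 40 || fp ~ /[^0-9a-f]/ {
            printf "rejected line %d: %s\n", NR, raw > "/dev/stderr"
            bad = 1; exit
        }
        !(fp in seen) { seen[fp] = 1; out[++n] = fp }
        END { if (bad) exit 1; for (i = 1; i <= n; i++) print out[i] }
    '
}

# Emit the config stanza in the form used in the thread. If hockeypuck.conf
# already has a [hockeypuck.openpgp] table, copy only the blacklist key into
# it: TOML does not allow the same table to be defined twice.
blacklist_toml() {
    echo '[hockeypuck.openpgp]'
    echo 'blacklist=['
    sed 's/.*/  "&",/'
    echo ']'
}

# Emit the cleanup SQL. The rfingerprint column holds the fingerprint
# reversed character by character (what `rev` does in Marcel's command).
# Subkeys are deleted before their primary keys, as in the thread.
delete_sql() {
    ds_list=$(awk -v q="'" '{
        r = ""
        for (i = length($0); i > 0; i--) r = r substr($0, i, 1)
        printf "%s%s%s%s", (NR > 1 ? ", " : ""), q, r, q
    }')
    if [ -z "$ds_list" ]; then
        echo "no fingerprints given" >&2
        return 1
    fi
    printf 'BEGIN;\n'
    printf 'DELETE FROM subkeys WHERE rfingerprint IN (%s);\n' "$ds_list"
    printf 'DELETE FROM keys WHERE rfingerprint IN (%s);\n' "$ds_list"
    printf 'COMMIT;\n'
}

# Full run: validate once, then print both artifacts in the order they
# should be applied (blacklist and restart first, so the keys cannot be
# re-synced between the delete and the restart).
build_takedown() {
    bt_fps=$(normalize_fps) || return 1
    if [ -z "$bt_fps" ]; then
        echo "no fingerprints given" >&2
        return 1
    fi
    echo '# 1. add to hockeypuck.conf, then restart hockeypuck'
    printf '%s\n' "$bt_fps" | blacklist_toml
    echo '-- 2. run in psql against the Hockeypuck database'
    printf '%s\n' "$bt_fps" | delete_sql
}

# With a file argument (e.g. fingerprints.txt) that file is processed;
# without one, a demo runs on constructed fingerprints (not real keys).
if [ "$#" -gt 0 ]; then
    build_takedown < "$1"
else
    build_takedown <<'EOF'
0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567
aaaabbbbccccddddeeeeffff0000111122223333
EOF
fi
```

Review the printed SQL before pasting it into psql; the row counts reported by the two DELETE statements show how many of the listed keys were actually present.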


Re: keyserver.insect.com GDRP takedown request

2022-05-27 Thread Alexandre Dulaunoy
Hi Ced,

You're welcome, I did a more complete document on GitHub:

https://gist.github.com/adulau/e3127df8b3c61e2faacbebd746519408

Feel free to update it.

- Original Message -
From: "Ced" 
To: "Alexandre Dulaunoy" 
Cc: "Allen Zhong" , "sks-devel" 
Sent: Friday, 27 May, 2022 12:00:44
Subject: Re: keyserver.insect.com GDRP takedown request

On Fri, 27 May 2022 06:48:21 +0200
Alexandre Dulaunoy  wrote:

> Hi All,
> 
> Hockeypuck supports blacklists (from version 2.1.0) when you can list
> all the fingerprint keys you want to avoid being synced.
> 
> In addition, you can delete the keys from Hockeypuck (PostgreSQL
> database).
> 
> A key can be deleted from the SQL database in the following way:
> 
> - Query the pks interface for the offending key, get the hash
> fingerprint from Hockeypuck;
> 
> - Connect to Postgresql via psql
> 
> - select rfingerprint from keys where md5 in ();
> 
> - The returned rfingerprint can be used to delete the
> subkeys
> 
> delete from subkeys where rfingerprint in ();
> 
> - When all subkeys are deleted.
> 
> - delete from keys where md5 in ()
> 
> Don't forget to add the key in blacklist:
> 
> [hockeypuck.openpgp]
> blacklist=[
>   "KEYFINGERPRINT"]
> 
> I hope this helps.
> 
> 
> Blacklists -> https://github.com/hockeypuck/hockeypuck/releases

Hi Alexandre,

You made my day! I somehow missed this new blacklist feature introduced
in 2.1.0. This is exactly what I was looking/hoping for.

Here are the keys I've been asked to delete in case anyone needs an easy
copy-and-paste:

> diff --git i/hockeypuck.conf w/hockeypuck.conf
> --- i/hockeypuck.conf
> +++ w/hockeypuck.conf
> 
> +[hockeypuck.openpgp]
> +blacklist=[
> +  "4ee0ea407647ce7f893b4d4cd55a56ed08155aa7",
> +  "e706e6e2b0062d68e00ad3a71b4e586917d2d55f",
> +  "90034cca442a325fedeb2e0302f6eb3d3523062f",
> +  "39762a49f4f92358ba98d0897e4cd9873ead04e5",
> +  "22dd2374f7c072b064731b84042ef61f3f2951c3",
> +  "9c002fd129aab3daaf4886c11bacfff4421c6f24",
> +  "c50c58c6a45c7f10332119c31ec6e78556894cf2",
> +  "33c251792b7ad4efa60f3b6f854b81325727766a",
> +  "c7a23d987c0a2f4a8c2c406595d3c5c466c16f5c",
> +  "cd30dadcde54b62476ed5dbdaac27ada79fa32f4",
> +  "10659e93de8ed69f47a8e6a4752e6011a7cec081",
> +  "fe1753d8f4cbfc8913c71a73461bb523e2468f79",
> +  "27b5000e1b27a03dd45e63fdd1c937f64b790fe5",
> +  "4a3c31edb549e934faa31cf18a4ed56c1b7d70f8",
> +  "11d33e66c37371dce4429a9d8be6e0081569fec9",
> +  "2e2ebc681e19ff06574b7f22ae5453a45153bd1f",
> +]
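
Review bot: the added `[hockeypuck.openpgp]` header on the first `+` line defines the table again if hockeypuck.conf already contains a `[hockeypuck.openpgp]` section, and TOML does not accept a table defined twice. In that case, add only the `blacklist=[` ... `]` lines under the existing header instead of a second one.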

That is 16 keys however only 12 keys were present in Postgresql in my
case:

> hkp=> select rfingerprint from keys where md5 in
> ('db72376c0d739cfe9c0dfad593b146fe',
> '8c48c609644ff786d76ec0f42d3c653b',
> 'fc27c75c60fc832873d8be8b4cd33443',
> 'd4ef3e8ac56e54b6d5eb00dca43e756d',
> '2b8337e73c153e2395d982778638b223',
> 'd89a48fe2d8989824cb643aa2c4efb5a',
> '0531a90ff608dce3a08bdc534df82af8',
> '657d6a3b3eb0b37cc4b76336e698f21e',
> '68cb4a91f5e3d65ae6cd97d70951f41e',
> '4b7f8a95463b513b1b39b9fff7073e8d',
> '8f0207a20e6c3a8f8bcb8a85dbd5bccf',
> 'a875563073af91fce3e44ad3a3c9141a');
> rfingerprint
> --
> 9cef9651800e6eb8d9a9244ecd17373c66e33d11
> 7aa55180de65a55dc4d4b398f7ec746704ae0ee4
> f55d2d719685e4b17a3da00e86d2600b2e6e607e
> a66772752318b458f6b3f06afe4da7b297152c33
> c5f61c664c5c3d595604c2c8a4f2a0c789d32a7c
> 42f6c1244fffcab11c6884faad3baa921df200c9
> f2603253d3be6f2030e2bedef523a244acc43009
> f1db35154a3545ea22f7b47560ff91e186cbe2e2
> 5ef097b46f739c1ddf36e54dd30a72b1e0005b72
> 8f07d7b1c65de4a81fc13aaf439e945bde13c3a4
> 2fc49865587e6ce13c91123301f7c54a6c85c05c
> 5e40dae3789dc4e7980d89ab85329f4f94a26793
> (12 rows)
> 
> hkp=> delete from subkeys where rfingerprint in (select rfingerprint
> from keys where md5 in ('db72376c0d739cfe9c0dfad593b146fe',
> '8c48c609644ff786d76ec0f42d3c653b',
> 'fc27c75c60fc832873d8be8b4cd33443',
> 'd4ef3e8ac56e54b6d5eb00dca43e756d',
> '2b8337e73c153e2395d982778638b223',
> 'd89a48fe2d8989824cb643aa2c4efb5a',
> '0531a90ff608dce3a08bdc534df82af8',
> '657d6a3b3eb0b37cc4b76336e698f21e',
> '68cb4a91f5e3d65ae6cd97d70951f41e',
> '4b7f8a95463b513b1b39b9fff7073e8d',
> '8f0207a20e6c3a8f8bcb8a85dbd5bccf',
> 'a875563073af91fce3e44ad3a3c9141a'));
> DELETE 12

> hkp=> delete from
> keys where md5 in ('db72376c0d739cfe9c0dfad593b146fe',
> '8c48c609644ff786d76ec0f42d3c653b',
> 'fc27c75c60fc832873d8be8b4cd33443',
> 'd4ef3e8ac56e54b6d5eb00dca43e756d',
> '2b8337e73c153e2395d982778638b223',
> 'd89a48fe2d8989824cb643aa2c4efb5a',
> '0531a90ff608dce3a08bdc534df82af8',
> '657d6a3b3eb0b37cc4b76336e698f21e',
> '68cb4a91f5e3d65ae6cd97d70951f41e',
> '4b7f8a95463b513b1b39b9fff7073e8d',
> '8f0207a20e6c3a8f8bcb8a85dbd5bccf',
> 'a875563073af91fce3e44ad3a3c9141a');
> DELETE 12

Thank you again Alexandre!

Cheers,
Ced



Re: keyserver.insect.com GDRP takedown request

2022-05-27 Thread Ced
On Fri, 27 May 2022 10:47:02 +0200 (CEST)
"Kiss Gabor (Bitman)"  wrote:

> IMHO Mr. Puerto must show some evidence first about the key to delete
> belongs to him. Otherwise any impostor can make delete other guys'
> key.

I thought the same thing and asked him (privately) to resend his request
in a PGP-signed email, which he did, so this is legit.




Re: keyserver.insect.com GDRP takedown request

2022-05-27 Thread Ced
On Fri, 27 May 2022 06:48:21 +0200
Alexandre Dulaunoy  wrote:

> Hi All,
> 
> Hockeypuck supports blacklists (from version 2.1.0) when you can list
> all the fingerprint keys you want to avoid being synced.
> 
> In addition, you can delete the keys from Hockeypuck (PostgreSQL
> database).
> 
> A key can be deleted from the SQL database in the following way:
> 
> - Query the pks interface for the offending key, get the hash
> fingerprint from Hockeypuck;
> 
> - Connect to Postgresql via psql
> 
> - select rfingerprint from keys where md5 in ();
> 
> - The returned rfingerprint can be used to delete the
> subkeys
> 
> delete from subkeys where rfingerprint in ();
> 
> - When all subkeys are deleted.
> 
> - delete from keys where md5 in ()
> 
> Don't forget to add the key in blacklist:
> 
> [hockeypuck.openpgp]
> blacklist=[
>   "KEYFINGERPRINT"]
> 
> I hope this helps.
> 
> 
> Blacklists -> https://github.com/hockeypuck/hockeypuck/releases

Hi Alexandre,

You made my day! I somehow missed this new blacklist feature introduced
in 2.1.0. This is exactly what I was looking/hoping for.

Here are the keys I've been asked to delete in case anyone needs an easy
copy-and-paste:

> diff --git i/hockeypuck.conf w/hockeypuck.conf
> --- i/hockeypuck.conf
> +++ w/hockeypuck.conf
> 
> +[hockeypuck.openpgp]
> +blacklist=[
> +  "4ee0ea407647ce7f893b4d4cd55a56ed08155aa7",
> +  "e706e6e2b0062d68e00ad3a71b4e586917d2d55f",
> +  "90034cca442a325fedeb2e0302f6eb3d3523062f",
> +  "39762a49f4f92358ba98d0897e4cd9873ead04e5",
> +  "22dd2374f7c072b064731b84042ef61f3f2951c3",
> +  "9c002fd129aab3daaf4886c11bacfff4421c6f24",
> +  "c50c58c6a45c7f10332119c31ec6e78556894cf2",
> +  "33c251792b7ad4efa60f3b6f854b81325727766a",
> +  "c7a23d987c0a2f4a8c2c406595d3c5c466c16f5c",
> +  "cd30dadcde54b62476ed5dbdaac27ada79fa32f4",
> +  "10659e93de8ed69f47a8e6a4752e6011a7cec081",
> +  "fe1753d8f4cbfc8913c71a73461bb523e2468f79",
> +  "27b5000e1b27a03dd45e63fdd1c937f64b790fe5",
> +  "4a3c31edb549e934faa31cf18a4ed56c1b7d70f8",
> +  "11d33e66c37371dce4429a9d8be6e0081569fec9",
> +  "2e2ebc681e19ff06574b7f22ae5453a45153bd1f",
> +]
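
Review bot: there is no `@@` hunk header between the `+++ w/hockeypuck.conf` line and the first `+` line, so this diff will not apply with `git apply` or `patch` as posted. Copy the added lines into hockeypuck.conf by hand, or regenerate the diff so it carries its hunk header.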

That is 16 keys however only 12 keys were present in Postgresql in my
case:

> hkp=> select rfingerprint from keys where md5 in
> ('db72376c0d739cfe9c0dfad593b146fe',
> '8c48c609644ff786d76ec0f42d3c653b',
> 'fc27c75c60fc832873d8be8b4cd33443',
> 'd4ef3e8ac56e54b6d5eb00dca43e756d',
> '2b8337e73c153e2395d982778638b223',
> 'd89a48fe2d8989824cb643aa2c4efb5a',
> '0531a90ff608dce3a08bdc534df82af8',
> '657d6a3b3eb0b37cc4b76336e698f21e',
> '68cb4a91f5e3d65ae6cd97d70951f41e',
> '4b7f8a95463b513b1b39b9fff7073e8d',
> '8f0207a20e6c3a8f8bcb8a85dbd5bccf',
> 'a875563073af91fce3e44ad3a3c9141a');
> rfingerprint
> --
> 9cef9651800e6eb8d9a9244ecd17373c66e33d11
> 7aa55180de65a55dc4d4b398f7ec746704ae0ee4
> f55d2d719685e4b17a3da00e86d2600b2e6e607e
> a66772752318b458f6b3f06afe4da7b297152c33
> c5f61c664c5c3d595604c2c8a4f2a0c789d32a7c
> 42f6c1244fffcab11c6884faad3baa921df200c9
> f2603253d3be6f2030e2bedef523a244acc43009
> f1db35154a3545ea22f7b47560ff91e186cbe2e2
> 5ef097b46f739c1ddf36e54dd30a72b1e0005b72
> 8f07d7b1c65de4a81fc13aaf439e945bde13c3a4
> 2fc49865587e6ce13c91123301f7c54a6c85c05c
> 5e40dae3789dc4e7980d89ab85329f4f94a26793
> (12 rows)
> 
> hkp=> delete from subkeys where rfingerprint in (select rfingerprint
> from keys where md5 in ('db72376c0d739cfe9c0dfad593b146fe',
> '8c48c609644ff786d76ec0f42d3c653b',
> 'fc27c75c60fc832873d8be8b4cd33443',
> 'd4ef3e8ac56e54b6d5eb00dca43e756d',
> '2b8337e73c153e2395d982778638b223',
> 'd89a48fe2d8989824cb643aa2c4efb5a',
> '0531a90ff608dce3a08bdc534df82af8',
> '657d6a3b3eb0b37cc4b76336e698f21e',
> '68cb4a91f5e3d65ae6cd97d70951f41e',
> '4b7f8a95463b513b1b39b9fff7073e8d',
> '8f0207a20e6c3a8f8bcb8a85dbd5bccf',
> 'a875563073af91fce3e44ad3a3c9141a'));
> DELETE 12

> hkp=> delete from
> keys where md5 in ('db72376c0d739cfe9c0dfad593b146fe',
> '8c48c609644ff786d76ec0f42d3c653b',
> 'fc27c75c60fc832873d8be8b4cd33443',
> 'd4ef3e8ac56e54b6d5eb00dca43e756d',
> '2b8337e73c153e2395d982778638b223',
> 'd89a48fe2d8989824cb643aa2c4efb5a',
> '0531a90ff608dce3a08bdc534df82af8',
> '657d6a3b3eb0b37cc4b76336e698f21e',
> '68cb4a91f5e3d65ae6cd97d70951f41e',
> '4b7f8a95463b513b1b39b9fff7073e8d',
> '8f0207a20e6c3a8f8bcb8a85dbd5bccf',
> 'a875563073af91fce3e44ad3a3c9141a');
> DELETE 12

Thank you again Alexandre!

Cheers,
Ced




Re: keyserver.insect.com GDRP takedown request

2022-05-27 Thread Gabor Kiss
On Fri, 27 May 2022, Wiktor Kwapisiewicz wrote:

> > IMHO Mr. Puerto must show some evidence first about the key to delete
> > belongs to him. Otherwise any impostor can make delete other guys' key.
> 
> This is actually pretty easy - they could cleartext sign a piece of text.

I did not say it would be hard. It is a must.

> information point to. Usually this required sending scanned ID documents or
> something like that (yep, painful).

Sure. We must protect real owners of records from impostors. :-)

Gabor



Re: keyserver.insect.com GDRP takedown request

2022-05-27 Thread Wiktor Kwapisiewicz

On 27.05.2022 10:47, Kiss Gabor (Bitman) wrote:

>> We have received the same take down request from Mr. Puerto as several other
>> keyservers under GDRP.
>
> IMHO Mr. Puerto must show some evidence first about the key to delete
> belongs to him. Otherwise any impostor can make delete other guys' key.

This is actually pretty easy - they could cleartext sign a piece of text.

IANAL but the GDPR takedown processes I've seen also required proving 
that the person asking for the takedown is the same person that the 
personal information point to. Usually this required sending scanned ID 
documents or something like that (yep, painful).


Kind regards,
Wiktor



Re: keyserver.insect.com GDRP takedown request

2022-05-27 Thread Kiss Gabor (Bitman)
> We have received the same take down request from Mr. Puerto as several other
> keyservers under GDRP.

IMHO Mr. Puerto must show some evidence first about the key to delete
belongs to him. Otherwise any impostor can make delete other guys' key.

Gabor



Re: keyserver.insect.com GDRP takedown request

2022-05-27 Thread Alexandre Dulaunoy
Hi All,

Hockeypuck supports blacklists (from version 2.1.0) when you can list all
the fingerprint keys you want to avoid being synced.

In addition, you can delete the keys from Hockeypuck (PostgreSQL database).

A key can be deleted from the SQL database in the following way:

- Query the pks interface for the offending key, get the hash fingerprint
from Hockeypuck;

- Connect to Postgresql via psql

- select rfingerprint from keys where md5 in ();

- The returned rfingerprint can be used to delete the subkeys

delete from subkeys where rfingerprint in ();

- When all subkeys are deleted.

- delete from keys where md5 in ()

Don't forget to add the key in blacklist:

[hockeypuck.openpgp]
blacklist=[
  "KEYFINGERPRINT"]

I hope this helps.


Blacklists -> https://github.com/hockeypuck/hockeypuck/releases

On Fri, May 27, 2022 at 6:09 AM Allen Zhong  wrote:

> Maybe it would be possible for the server to maintain some sort of a
> "block list" and reject to receive those keys in the list and also not
> returning them to the client? I think that's possible but as it requires
> changes of the server software (hockeypuck and sks-server, etc.) it's
> not likely to be a quick one.
>
> On 2022/5/27 11:01, Ced wrote:
> > If anyone has an idea to prevent the collapse of the few remaining SKS
> > keyservers, please let us know otherwise we'll have to take down our
> > server too pretty soon :(
>


-- 

--   Alexandre Dulaunoy (adulau) -- http://www.foo.be/
-- http://www.foo.be/cgi-bin/wiki.pl/Diary
-- "Knowledge can create problems, it is not through ignorance
--that we can solve them" Isaac Asimov


Re: keyserver.insect.com GDRP takedown request

2022-05-27 Thread William Hay
Thus spake Ced:
> On Thu, 26 May 2022 16:53:31 -0400
> Jason John Schwarz via SKS development and deployment list
>  wrote:
>
> > We have received the same take down request from Mr. Puerto as
> > several other keyservers under GDRP. As we are running
> > keyserver.insect.com as a free service we can not afford to deal with
> > legal costs on this request, and therefore are shutting down
> > keyserver.insect.com effective today.
>
> We have received the same takedown request from that Mr. Puerto. We run
> Hockeypuck at pgp.cyberbits.eu. Sadly there doesn't seem to be an easy
> way to somehow blacklist his key. We could return 404 when the query
> parameters contains his key ID but the key would still be available
> through the search form and possibly other paths.
IIRC Hockeypuck has a size limit on keys somewhere in it.  Would it be possible
to replace Mr Puerto's keys with a dummy key that is already at the size limit
to prevent merging of further data?

William



Re: keyserver.insect.com GDRP takedown request

2022-05-26 Thread Jeremy T. Bouse
Probably really needs a lawyer as IANAL, but from my reading of it the US
business compliance appears to revolve around "buying and selling of goods
and services to those inside the EU" so if you take that to be very
literal, SKS servers are not "buying and selling" as it is a free public
service. With that said and again IANAL it would seem that SKS in this case
operated within the US could be protected under safe haven laws as SKS
merely facilitates the data transfer though servers that actually enact
censoring of keys (blacklists) could potentially violate that... Good
question nonetheless.

On Thu, May 26, 2022 at 11:50 PM Ari Trachtenberg  wrote:

> Probably needs a lawyer ...
>
> On May 26, 2022, at 11:37 PM, Ced  wrote:
>
> On Thu, 26 May 2022 23:10:27 -0400
> Ari Trachtenberg  wrote:
>
> Would it help to move them to the US?
>
>
> IANAL but I don't think it would help according to
> https://gdpr.eu/companies-outside-of-europe/
>
> Quote: "This Regulation applies to the processing of personal data of
> data subjects who are in the Union by a controller or processor *not*
> established in the Union, where the processing activities are related
> to [...] the offering of goods or services, irrespective of whether a
> payment of the data subject is required, to such data subjects in the
> Union"
>
> One could argue that running a keyserver is offering services (to EU
> citizens) so I think GDPR applies in this case.
>
>
> ---
> Prof. Ari Trachtenberg            ECE, Boston University
> trach...@bu.edu                   http://people.bu.edu/trachten
>
>

-- 

Jeremy T. Bouse

Sr. DevOps Engineer

678.348.0867

UnderGrid.net 







Re: keyserver.insect.com GDRP takedown request

2022-05-26 Thread Allen Zhong
Maybe it would be possible for the server to maintain some sort of a 
"block list" and reject to receive those keys in the list and also not 
returning them to the client? I think that's possible but as it requires 
changes of the server software (hockeypuck and sks-server, etc.) it's 
not likely to be a quick one.


On 2022/5/27 11:01, Ced wrote:

> If anyone has an idea to prevent the collapse of the few remaining SKS
> keyservers, please let us know otherwise we'll have to take down our
> server too pretty soon :(




Re: keyserver.insect.com GDRP takedown request

2022-05-26 Thread Ari Trachtenberg
Probably needs a lawyer ...

> On May 26, 2022, at 11:37 PM, Ced  wrote:
> 
> On Thu, 26 May 2022 23:10:27 -0400
> Ari Trachtenberg  wrote:
> 
>> Would it help to move them to the US?
> 
> IANAL but I don't think it would help according to
> https://gdpr.eu/companies-outside-of-europe/
> 
> Quote: "This Regulation applies to the processing of personal data of
> data subjects who are in the Union by a controller or processor *not*
> established in the Union, where the processing activities are related
> to [...] the offering of goods or services, irrespective of whether a
> payment of the data subject is required, to such data subjects in the
> Union"
> 
> One could argue that running a keyserver is offering services (to EU
> citizens) so I think GDPR applies in this case.

---
Prof. Ari Trachtenberg            ECE, Boston University
trach...@bu.edu                   http://people.bu.edu/trachten



Re: keyserver.insect.com GDRP takedown request

2022-05-26 Thread Ced
On Thu, 26 May 2022 23:10:27 -0400
Ari Trachtenberg  wrote:

> Would it help to move them to the US?

IANAL but I don't think it would help according to
https://gdpr.eu/companies-outside-of-europe/

Quote: "This Regulation applies to the processing of personal data of
data subjects who are in the Union by a controller or processor *not*
established in the Union, where the processing activities are related
to [...] the offering of goods or services, irrespective of whether a
payment of the data subject is required, to such data subjects in the
Union"

One could argue that running a keyserver is offering services (to EU
citizens) so I think GDPR applies in this case.




Re: keyserver.insect.com GDRP takedown request

2022-05-26 Thread Ari Trachtenberg
Would it help to move them to the US?

> On May 26, 2022, at 11:01 PM, Ced  wrote:
> 
> On Thu, 26 May 2022 16:53:31 -0400
> Jason John Schwarz via SKS development and deployment list
>  wrote:
> 
>> We have received the same take down request from Mr. Puerto as
>> several other keyservers under GDRP. As we are running
>> keyserver.insect.com as a free service we can not afford to deal with
>> legal costs on this request, and therefore are shutting down
>> keyserver.insect.com effective today.
> 
> We have received the same takedown request from that Mr. Puerto. We run
> Hockeypuck at pgp.cyberbits.eu. Sadly there doesn't seem to be an easy
> way to somehow blacklist his key. We could return 404 when the query
> parameters contains his key ID but the key would still be available
> through the search form and possibly other paths.
> 
> Another idea would be to switch to
> https://gitlab.com/hagrid-keyserver/hagrid but it still doesn't have a
> federation feature so it would be pretty useless in practice.
> 
> pgp.cyberbits.eu is used by https://www.parabola.nu/ and probably other
> projects so we don't want to take it down. However, it's not worth
> getting sued for running a public service pro bono...
> 
> If anyone has an idea to prevent the collapse of the few remaining SKS
> keyservers, please let us know otherwise we'll have to take down our
> server too pretty soon :(

---
Prof. Ari Trachtenberg            ECE, Boston University
trach...@bu.edu                   http://people.bu.edu/trachten



Re: keyserver.insect.com GDRP takedown request

2022-05-26 Thread Ced
On Thu, 26 May 2022 16:53:31 -0400
Jason John Schwarz via SKS development and deployment list
 wrote:

> We have received the same take down request from Mr. Puerto as
> several other keyservers under GDRP. As we are running
> keyserver.insect.com as a free service we can not afford to deal with
> legal costs on this request, and therefore are shutting down
> keyserver.insect.com effective today.

We have received the same takedown request from that Mr. Puerto. We run
Hockeypuck at pgp.cyberbits.eu. Sadly there doesn't seem to be an easy
way to somehow blacklist his key. We could return 404 when the query
parameters contains his key ID but the key would still be available
through the search form and possibly other paths.

Another idea would be to switch to
https://gitlab.com/hagrid-keyserver/hagrid but it still doesn't have a
federation feature so it would be pretty useless in practice.

pgp.cyberbits.eu is used by https://www.parabola.nu/ and probably other
projects so we don't want to take it down. However, it's not worth
getting sued for running a public service pro bono...

If anyone has an idea to prevent the collapse of the few remaining SKS
keyservers, please let us know otherwise we'll have to take down our
server too pretty soon :(




keyserver.insect.com GDRP takedown request

2022-05-26 Thread Jason John Schwarz via SKS development and deployment list
We have received the same take down request from Mr. Puerto as several other
keyservers under GDRP.
As we are running keyserver.insect.com as a free service we can not afford to
deal with legal costs on this request, and therefore are shutting down
keyserver.insect.com effective today.

Jason John Schwarz




