Big and complicated debate. You do not even imagine the challenges and difficulties you will face :) Regards, julien
-- Julien Sansonnens jsansonnens.ch | Site personnel 2016-03-23 23:01 GMT+01:00 Douglas <[email protected]>: > Hi all, > > Traditionally key servers have not had any options for deleting keys, so > over the years there ends up being a number of invalid keys where the owner > no longer has the corresponding private key or has closed the email account > tied to the key. > > The problem of not being able to delete keys also contributes to the issue > of keyserver based harassment or "doxing," where personal information and > emails are uploaded without permission. Since the keyserver does not verify > ownership of an email before accepting the key, anyone can create and > upload a key for any email and include personal information in the name > field. > > An example of 'Obama' : > http://pgp.mit.edu/pks/lookup?search=obama&op=index > > 'Hillary Clinton' shows similar issues : > http://pgp.mit.edu/pks/lookup?search=hillary+clinton&op=index > > One can also create and upload keys which contain a victim's username, > legal name, phone number, address, and other personal information and > upload the key to the keyserver. It would essentially be a permanent record > for someone's personal information. > > It doesn't benefit anyone to retain keys uploaded with malicious intent, > so I believe it's worth discussing a mechanism for key removal due to abuse > of the system. > > Thank you. > > _______________________________________________ > Sks-devel mailing list > [email protected] > https://lists.nongnu.org/mailman/listinfo/sks-devel > >
_______________________________________________ Sks-devel mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/sks-devel
