[Sks-devel] About deleting keys

[Kiss Gabor (Bitman)]

Folks,

Several times in the past years the problem of deleting keys
on user request is discussed.

E.g. see this thread and remember why should Peter Pramberger
get out of business:
http://lists.nongnu.org/archive/html/sks-devel/2010-09/threads.html#00020

The fundamental problem was that some users want their keys to delete
from _all_ key servers.
As we have seen already this is not possible for technology reasons.

If key removal is useful or desirable is a totally different question.
Some guys argue against it saying it would make impossible to
check digital signatures made by the deleted key.
I reply: who cares? The situation is the same if the user never
upload his/her public key to a key server.

The problem is have to solve -- I think -- that users threaten
key server operators with legal actions.

I have a proposal that may a trade-off. IMHO most of the complaining users
will accept that their keys remains in the database but they
are not appear in search results.

Technical implementation is the following:
If a user wants to hide his/her key (s)he just have to add a special
uid e.g. "Do not include in search results" or so.
The search engine just should ignore these keys.

However key could be retrieved by hex keyID that makes
verifying of digitally signed mails possible if the user
still uses the hidden key for signing in the future.
Key servers refuse retrieval by username or e-mail address only.

I repeat IMO a lot of peoples get satisfied with this offer.

A potential second level: retrieval by keyID can be
also disabled with a more strict uid, e.g. "Forget this f*ed key". :-)

Yes. Very smart and desperate end users and their lawyers may
point out that the key is actually NOT deleted, and an impostor
can download a key dump and can open a private data mine.
But I guess they are quite few. (Yet.)

BTW. The dumper could also drop these keys. Also the recon process.
Or does this consume too much resources?

Gabor