
[Sks-devel] Possible solution to "delete" keys


From: dirk astrath
Subject: [Sks-devel] Possible solution to "delete" keys
Date: Tue, 29 Oct 2013 21:59:41 +0000
User-agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello again ;-)

I understand the issue, that keys shouldn't be deleted from the
database. They should be revoked only and kept in the database.

Therefore I propose the following:

No matter whether a key is revoked or not, it should not be possible
to delete it from the database.

But ... to follow German (and European) law it may be necessary to
"delete" keys from the database. As far as I know, it's possible to
"block" or "anonymize" the personal data to fulfill the requirement of
deleting keys from the database.

I suggest "signing" the "to-be-deleted" key with a special signature,
which causes the personal data of this key not to be displayed.

In this case we have 4 possible answers for a key if searching for the
Key-ID:

(1)     Key is not in the database: Report no key
(2)     Key is in the database: Show key-data and maybe verbose info
(3)     Key is revoked: Show key-data and red marker "revoked"

... and new:

(4)     Key is deleted: Show key-id only and red marker "revoked"

If I search for a name or email address, a deleted key will then be
handled as "key not in database".

This would not break the "add-only"-system of the keyservers, but give
a possibility to remove personal data of deleted keys from the servers.

To go a step deeper:

Many users created a test/demo-key a long time ago and
forgot/deleted/... the private key or private-key-passphrase. Since
it's impossible to delete (or even revoke) the old keys, these keys
may still be used to encrypt mails to the user (who may never be
able to decrypt them). If the personal data from these old keys can be
hidden (=not displayed to the user or PGP/GnuPG-software), only the
active and revoked keys will be used.

(Every now and then I get the question from users: "which key should I
use to send a mail to you ... if I'm unsure, I use unencrypted mail").

However:

This new option should be switchable in the sks-config, with the
default being "hide personal data from deleted keys".

... and ...

We have to decide the details of the procedure to mark a key as
deleted in the database like "two or three sks-operators have to be
sure", "email-verification", "can be deleted only, if an encrypted
mail has been sent" etc. ...

What do you think about it?

(well ... if sks were coded in a more common language, I
would have tested it myself on my test-server ... ;-) )

Best regards ...

dirk / sks.fidocon.de / secure-u e.V.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlJwL8wACgkQVuf/iihAxwjpbgCg9BOB4oJrQ+KpVRyn2mo2HpGD
MDwAoOLvFoGaE4knSxnGuX+r0Nhz7oN6
=UN4h
-----END PGP SIGNATURE-----
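
The lookup behaviour proposed in the message above, sketched as an added example that is not part of the original post and is not SKS code. The marker type name, the operator key IDs, the `KeyStore` class and the two-operator threshold are assumptions made for illustration.

```python
# Toy in-memory model of the proposal; all names here are hypothetical.
DELETION_MARKER = "deletion-marker"   # assumed type name for the "special signature"
REVOCATION = "revocation"

class KeyStore:
    def __init__(self, operators, threshold=2, hide_deleted=True):
        self.operators = set(operators)   # key IDs of trusted sks operators (assumption)
        self.threshold = threshold        # "two or three sks-operators have to be sure"
        self.hide_deleted = hide_deleted  # the proposed config switch, on by default
        self.keys = {}                    # key_id -> {"uids": [...], "sigs": [(type, issuer)]}

    def add_key(self, key_id, uids):
        # Add-only: a key that is already present is never replaced or removed.
        self.keys.setdefault(key_id, {"uids": list(uids), "sigs": []})

    def add_signature(self, key_id, sig_type, issuer):
        # Signatures are only ever appended, so "deleting" never removes data.
        self.keys[key_id]["sigs"].append((sig_type, issuer))

    def is_deleted(self, key_id):
        # Count distinct trusted operators; markers from anyone else are ignored.
        signers = {issuer for sig_type, issuer in self.keys[key_id]["sigs"]
                   if sig_type == DELETION_MARKER and issuer in self.operators}
        return self.hide_deleted and len(signers) >= self.threshold

    def lookup(self, key_id):
        """Return (case, uids, marker) for the four answers listed in the email."""
        if key_id not in self.keys:
            return (1, [], None)
        if self.is_deleted(key_id):
            return (4, [], "revoked")     # key ID only; marker text as in the email
        rec = self.keys[key_id]
        uids = list(rec["uids"])
        revoked = (REVOCATION, key_id) in rec["sigs"]  # simplification: self-issued only
        return (3, uids, "revoked") if revoked else (2, uids, None)

    def search(self, text):
        # Name/e-mail search treats a deleted key as "key not in database".
        return sorted(k for k, rec in self.keys.items()
                      if not self.is_deleted(k)
                      and any(text.lower() in u.lower() for u in rec["uids"]))

def demo():
    # Constructed sample data: key IDs and user IDs are made up.
    store = KeyStore(operators={"OP1", "OP2", "OP3"})
    store.add_key("AAAA1111", ["Alice Example <alice@example.org>"])
    store.add_key("BBBB2222", ["Alice Example (old test key) <alice@example.org>"])
    store.add_signature("BBBB2222", DELETION_MARKER, "OP1")
    one_marker = store.lookup("BBBB2222")[0]   # one operator is below the threshold
    store.add_signature("BBBB2222", DELETION_MARKER, "OP2")
    return one_marker, store.lookup("BBBB2222"), store.search("alice")
```

Because the marker is just another appended record, a server running with `hide_deleted=False` still returns the full key, which is the switchable behaviour the message asks for.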


