Re: [Sks-devel] About deleting keys

[Arnold Schekkerman]

On 10/29/2013 11:15 PM, Kristian Fiskerstrand wrote:
> On 10/29/2013 11:04 PM, dirk astrath wrote:
>>>> If there is no private key needed and no verification done 
>>>> everybody can generate keys with every combination of name and
>>>>  email-adress, generated at random dates and upload them to the
>>>>  keyservers. And if everybody is able to generate and publish 
>>>> fake keys everybody can build up fake web of trust.
>>> This is why you have key validation requirements and 
>>> signatures/certification. The existence of a key doesn't bind
>>> that key to a specific individual, no matter what the UID says.
> 
>> Wrong ... the unique email-adress is the problem .. which is
>> usually in the UID of the key.
> 
> This isn't too relevant from a security perspective wrt a "fake web of
> trust" but seems more like a response wrt privacy questions.

But, privacy questions are the thing this is all about.

I don't expect anywhere to be a lawsuit against a key server operator for 
providing
keys without trusted signature on a UID. However, we already had an example of a
key server being shut down because of legal threat based on illegally providing
personal identifiable data (according to some local law).

Arnold