Re: Remove public key from keyserver

2018-01-17 Thread Stefan Claas
On Wed, 17 Jan 2018 09:42:07 +0100, Werner Koch wrote:
> On Tue, 16 Jan 2018 20:37, stefan.cl...@posteo.de said:
> 
> > users who uploaded their public keys on key servers would not
> > reveal that they know each other as shown with their signatures,
> > which the classical WoT somehow requires, instead of using local
> > sigs.   
> 
> I do not know most of the people whose key I signed in the last 25
> years. For a long time I had the policy to sign keys only after having
> seen an identity card in real life.  That policy was my own - others
> may have different policies.  I have also noticed quite some
> signatures on my key from people I definitely never had met (even
> before the fun signature thing started).

Thanks for pointing this out. When looking in the past on sigs, via
WWW key servers i always had the impression that people do a lot
of "fan" signing, thus making the classical WoT somewhat untrustworthy
to me, because those fans have never met you or others in person.

Should we ever see a new key server model, replacing the current one,
and only owners can upload their keys i think this would help to
eliminate those fan sigs too, which IMHO have no weight, unless of
course the owner of that key with fan sigs would also verify and sign
those signers.

> Thus the conclusion that a key signature indicates that the owners of
> those keys know each other is not correct.  Modulo some definition of
> "know".

Maybe a sig4 = family, long time friends which does not involve
verification of ID card documents. ... :-)

Regards
Stefan

-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Remove public key from keyserver

2018-01-17 Thread Werner Koch
On Tue, 16 Jan 2018 20:37, stefan.cl...@posteo.de said:

> users who uploaded their public keys on key servers would not
> reveal that they know each other as shown with their signatures,
> which the classical WoT somehow requires, instead of using local sigs. 

I do not know most of the people whose key I signed in the last 25 years.
For a long time I had the policy to sign keys only after having seen an
identity card in real life.  That policy was my own - others may have
different policies.  I have also noticed quite some signatures on my key
from people I definitely never had met (even before the fun signature
thing started).

Thus the conclusion that a key signature indicates that the owners of
those keys know each other is not correct.  Modulo some definition of
"know".


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: Remove public key from keyserver

2018-01-16 Thread Kristian Fiskerstrand
On 01/16/2018 11:40 AM, Stefan Claas wrote:
> On 16.01.2018 at 11:12, Kristian Fiskerstrand wrote:
> 
>> On 01/15/2018 09:23 PM, Stefan Claas wrote:
>>> No? I for one would like to be sure that i am the only person who
>>> can upload my public key to a key server directory.
>> This seems to be based on a misconception whereby you're attributing
>> properties of a certificate authority to the keyservers. OpenPGP already
>> has a method for certification from CAs, and that is by providing a
>> signature on the appropriate UID on the public keyblock. As long as the
>> signature is propagated on the keyserver network, these roles can be
>> appropriately isolated and the decision of whether or not to trust a
>> specific CA is left to the user performing the trust calculation,
>> incidentally also allowing for signatures from multiple CAs.
>>
> I'm not sure what you are talking about, a language barrier from my
> side, sorry.
> 
> The CA in Germany (Governikus) i have used sends me my certified key
> back to my email address and does not publish my pub key on key servers.

I'm not sure how to put it more clearly, but this seems to bring the
discussion into very specific territory. OpenPGP as a specification
handles this nicely, and whether a CA signature is published publicly or
not doesn't change the modus operandi.


-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

"The best way to predict the future is to invent it"
(Alan Kay)





Re: Remove public key from keyserver

2018-01-16 Thread Kristian Fiskerstrand
On 01/16/2018 08:37 PM, Stefan Claas wrote:
>> I know, but keybase.io's goal is (or was, back when I tested it) to
>> use those connections to somehow prove an identity.  It is a neat
>> idea for the facebook generation.  Privacy is something different.
> Agreed. But the word privacy would then also mean to me that
> users who uploaded their public keys on key servers would not
> reveal that they know each other as shown with their signatures,
> which the classical WoT somehow requires, instead of using local sigs. 
> 

A distinction needs to be made here, "know each other" actually means
ever having confidence that the public keyblock belongs to that person.
That doesn't imply a very deep relationship except for having met at one
point to exchange information. You don't really attribute anything
except possibly having looked at a governmental issued ID at some point.

But yes, this comes back to security != privacy

-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

qui tacet consentire videtur
He who is silent is taken to agree





Re: WKD was Remove public key from keyserver

2018-01-16 Thread Stefan Claas
On Tue, 16 Jan 2018 19:51:17 +0100, Werner Koch wrote:

> We definitely want to refine some things there but that requires a
> wider deployment.

I will for sure follow the WKD development and hope that also more
mail providers will offer a WKD service.
 
> > i have with posteo's WKD implementation is that their policy is
> > pretty strict, which i personally don't like and i told them so. I
> > would like  
> 
> Posteo only allows the mail address (addr-spec) and no real name
> in the key for data protection reasons.  Thus a
> 
>  $ wget -O- posteo.de/.well-known/openpgpkey/policy 2>/dev/null
>  # Policy for draft-koch-openpgp-webkey-service-04
>  mailbox-only
>  auth-submit
> 
> shows this policy flag.  If you upload your key using a tool employing
> gpg-wks-client (e.g. Kmail or Enigmail) this policy will be detected
> and if a plain addr-spec only user-id does not exist a new user-id
> will be created and sent to posteo.
> 
> The real problem with Posteo is that they use invalid certificates for
> all but the posteo.de domain.  Thus my posteo.net account does not
> work because they redirect to posteo.de but do not include posteo.net
> in the certificate for the initial access to posteo.net.  Bummer.

Thanks for the information, much appreciated!

Regards
Stefan


-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas



Re: Remove public key from keyserver

2018-01-16 Thread Stefan Claas
On Tue, 16 Jan 2018 19:36:30 +0100, Werner Koch wrote:
> On Tue, 16 Jan 2018 16:34, stefan.cl...@posteo.de said:
> 
> > the public key. He / she is not forced to provide any identity via
> > other web sites etc. Doing this is a method they have implemented
> > as sort  
> 
> I know, but keybase.io's goal is (or was, back when I tested it) to
> use those connections to somehow prove an identity.  It is a neat
> idea for the facebook generation.  Privacy is something different.

Agreed. But the word privacy would then also mean to me that
users who uploaded their public keys on key servers would not
reveal that they know each other as shown with their signatures,
which the classical WoT somehow requires, instead of using local sigs. 

> > Why do i prefer keybase.io over the old key server system? Because
> > i am in control of my public key there, so that nobody can do
> > funny  
> 
> They are in control of your key - not you.  You can ask them to do
> something without key but in the end the owners of this service decide
> what they allow you to do and what key they want to publish or stop
> publishing.  Or to shut down their service.
> 
> Compare that to the keyservers: They have been around for 25 years and
> you can still find all keys ever uploaded there (I am not sure whether
> PGP 2.3 keys are still supported, though).  There is no single entity
> controlling this network.

To me this seems to be the only advantage that the network can't be
controlled. If IMHO key removal by the owner and upload only by the
owner could be implemented in the future then that would be pretty
nice.

Regards
Stefan


-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas



Re: Remove public key from keyserver

2018-01-16 Thread Werner Koch
On Tue, 16 Jan 2018 16:34, stefan.cl...@posteo.de said:

> the public key. He / she is not forced to provide any identity via other
> web sites etc. Doing this is a method they have implemented as sort

I know, but keybase.io's goal is (or was, back when I tested it) to use
those connections to somehow prove an identity.  It is a neat idea for
the facebook generation.  Privacy is something different.

> Why do i prefer keybase.io over the old key server system? Because
> i am in control of my public key there, so that nobody can do funny

They are in control of your key - not you.  You can ask them to do
something without key but in the end the owners of this service decide
what they allow you to do and what key they want to publish or stop
publishing.  Or to shut down their service.

Compare that to the keyservers: They have been around for 25 years and
you can still find all keys ever uploaded there (I am not sure whether
PGP 2.3 keys are still supported, though).  There is no single entity
controlling this network.

> Understood, but what speaks against a (syncing) public key server
> system like the old pgp.com key server was, compared to the regular

As Robert already noted: The pgp.com keyserver was a single database
under the control of one entity which for technical reasons did not
sync with the keyserver network.  IIRC, in the early days Randy
sometimes uploaded keys to the keyserver network but never imported
keys.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.




Re: Remove public key from keyserver

2018-01-16 Thread Robert J. Hansen
> Understood, but what speaks against a (syncing) public key server
> system like the old pgp.com key server was, compared to the regular
> key servers, which don't allow deletion of a key, by the owner and if
> i remember correctly also only upload by the owner.

The pgp.com keyserver had some serious problems.  When I was at PGP
Security there were at least three engineers on the floor -- myself, Len
Sassaman, and Randy Harmon (the keyserver admin!) -- who thought the
keyserver was a pretty marginal idea specifically because we could be
compelled by governments to do unpleasant things.  None of us used that
keyserver in our own personal lives.

The pgp.com keyserver is also a *standalone* server.  It does not sync
with the keyserver network.  (Search for 0xB44427C7, for instance.  My
cert has been in the SKS network for years, but as of this writing isn't
in the pgp.com keyserver.)  That's important for several reasons.  It
means it's very easy for governments to blackhole, for instance.  And it
also means it's possible to drop certificates.

One of the other reasons SKS doesn't allow dropping information is
because it lets two disagreeing keyservers figure out very easily what
the canonical and correct data is: it is the union of the disparate
data.  As soon as you change this to allow for discarding data, suddenly
each certificate needs to bear with it some way to prove to other
keyservers that it's the most recent record and thus correct.  Now you
get into needing trusted timestamps, certifications of changes, adding
crypto code into SKS, and ... things get out of hand quickly.

If you like the PGP Global Directory, go for it.  Use it!  It still exists.

But please, understand why SKS works the way it does before telling
people to change it.
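
The union rule described in the message above, as an added example that is not part of the original post and is not SKS code: a toy model in which servers only ever merge packet sets, showing that they converge regardless of merge order and that a packet deleted on one server returns at the next reconciliation. Server contents and packet names are constructed.

```python
# Added illustration: toy model of append-only keyserver reconciliation.
# Packet names and server contents are constructed, not real key material.

def reconcile(a, b):
    """Append-only merge: both peers leave with the union of what they hold."""
    merged = frozenset(a) | frozenset(b)
    return merged, merged


def gossip(servers, rounds=2):
    """Reconcile each server with its ring neighbour for a few rounds."""
    state = [frozenset(s) for s in servers]
    for _ in range(rounds):
        for i in range(len(state)):
            j = (i + 1) % len(state)
            state[i], state[j] = reconcile(state[i], state[j])
    return state


def converged(state):
    """True when every server holds exactly the same packet set."""
    return all(s == state[0] for s in state)


def delete_on(state, index, packet):
    """Simulate one operator dropping a packet from a single server."""
    out = list(state)
    out[index] = out[index] - {packet}
    return out


# Three servers that each saw a different part of the same certificate.
SAMPLE = [
    {"cert:ALICE", "uid:ALICE:alice@example.org"},
    {"cert:ALICE", "sig:ALICE<-BOB"},
    {"cert:BOB", "sig:ALICE<-MALLORY"},
]
UNWANTED = "sig:ALICE<-MALLORY"


def demo():
    synced = gossip(SAMPLE)
    # Union is commutative and idempotent, so merge order is irrelevant.
    reordered = gossip(list(reversed(SAMPLE)))
    # One server drops the unwanted signature, then the network syncs again.
    pruned = delete_on(synced, 0, UNWANTED)
    resynced = gossip(pruned)
    return {
        "converged": converged(synced),
        "order_independent": synced[0] == reordered[0],
        "deleted_locally": UNWANTED not in pruned[0],
        "resurrected_after_sync": UNWANTED in resynced[0],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Making the deletion stick would require every peer to tell a newer record from an older one, which is the timestamping and certification problem the message describes.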



WKD was Remove public key from keyserver

2018-01-16 Thread Stefan Claas
On Tue, 16 Jan 2018 08:52:44 +0100, Werner Koch wrote:
> On Mon, 15 Jan 2018 20:21, stefan.cl...@posteo.de said:
> 
> > O.k. Werner invented WKD which solves those problems, if i'm not
> > mistaken, but is it besides keybase.io widely deployed?  
> 
> Nope.  The Web Key Directory solves exactly one problem: How to
> initially map a mail address to a key.  This directory is hosted by
> the provider of the mail address because that is the only entity which
> controls the mail address.  

O.k. thanks for the clarification!

> Once this mail address has been mapped  keyservers can be used to get
> revocations and updates of the key.

This part i do not understand... i send the rev cert or my updated key
again to WKD and then i can search a regular key server for the updated
key?

> Unfortunately it is not yet widely supported; you can help to make it
> better known.

Well, i really would like to promote WKD at other places. The problem
i have with posteo's WKD implementation is that their policy is pretty
strict, which i personally don't like and i told them so. I would like
to see a mail provider using WKD which allows the user to use his
certified key.

Regards
Stefan

-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas



Re: Remove public key from keyserver

2018-01-16 Thread Robert J. Hansen
> O.K. then it is a feature request. You also triggered something in me
> with the words "which you think belongs to you".

That's because you think information *does* belong to you.  But
information doesn't belong to anyone: the nature of information is that
it has no owners.  You can place restrictions on what people do with
information -- maybe -- but you can't make information into a possession
any more than you can declare you own mathematics.

The fact an EU committee has declared otherwise strikes me as like the
legend of King Canute.  When his advisers told him his power was without
limit, Canute took them to the ocean and let them watch as he ordered
the tide to not come in.  The tide came in anyway, thus proving Canute's
point to his advisers -- just because they say it's so doesn't mean it's so.

None of this is to say you have no privacy interest in your data, nor
that our laws shouldn't facilitate you having some control over your
private data.  But our laws also shouldn't be written in such a way as
to lead people to think they can *own* information.

> If i am not mistaken you have also a keybase account

Yep.

> How about this; let's make "your" public key the ideal candidate for a
> global trollwot session, where every GnuPG Linux user can participate
> and add some funny things to "your" public key.

You seem to be under the belief I don't see this as a problem.  As a
quick check in the archives will show you, I've been talking about this
problem for at least eight years.  And I know Werner's been dealing with
this problem for even longer.

Just because I think you understand neither the problem nor the deeply
problematic aspects of your proposed fixes, does not mean I disagree
there's a problem.

> This would imho give you and people you talk to in conferences etc.
> also a better view what i am talking about.

I already know exactly what you're concerned about.  I share in those
concerns.  I do not believe you're contributing to finding an answer to
these problems.



Re: Remove public key from keyserver

2018-01-16 Thread Stefan Claas
On Tue, 16 Jan 2018 08:52:44 +0100, Werner Koch wrote:

> I wonder why you seem to suggest the US based keybase.io as a better
> solution.  After all keybase.io is a service which connects private
> data to private data of other sites and that all in the public.  I
> would consider this a real privacy problem compared to a public mail
> address on a keyserver with no other associated private data.

(sorry for the late reply, i did not see this message this morning)

Well, it is up to the user what he / she publishes on keybase.io besides
the public key. He / she is not forced to provide any identity via other
web sites etc. Doing this is a method they have implemented as sort
of another way of a web of trust, so to speak.

Why do i prefer keybase.io over the old key server system? Because
i am in control of my public key there, so that nobody can do funny
things with my key, like it is possible with the old key servers. If
people would like to sign my key they would have to provide me
my signed key so that i can upload it to keybase and not like the
other way the old key servers let people do, without my approval
first.

> The mail address is a technical necessity to send mail; mapping the
> mail address to a key is a technical necessity to send encrypted
> mail.  So what keyservers do is to provide a directory of public keys
> - in the same way as white pages of the phone systems.  Nobody
> requires you to enter your phone number / public key into a
> directory.  But if you want to receive phone calls / encrypted mails
> you need to somehow publish this data.  You can't remove your name
> from white pages either - they used to be printed in sometimes
> millions of copies.

Understood, but what speaks against a (syncing) public key server
system like the old pgp.com key server was, compared to the regular
key servers, which don't allow deletion of a key, by the owner and if
i remember correctly also only upload by the owner.

As it is of now with SKS and Co. i think in 2018 such a key server
model does not help for a clean database, which everybody can
look up, nor does it help users to protect their keys nor deleting
their keys, in case they like to do so.

Regards
Stefan


-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas



Re: Remove public key from keyserver

2018-01-16 Thread Stefan Claas

On 16.01.2018 at 11:12, Kristian Fiskerstrand wrote:
> On 01/15/2018 09:23 PM, Stefan Claas wrote:
>> No? I for one would like to be sure that i am the only person who
>> can upload my public key to a key server directory.
>
> This seems to be based on a misconception whereby you're attributing
> properties of a certificate authority to the keyservers. OpenPGP already
> has a method for certification from CAs, and that is by providing a
> signature on the appropriate UID on the public keyblock. As long as the
> signature is propagated on the keyserver network, these roles can be
> appropriately isolated and the decision of whether or not to trust a
> specific CA is left to the user performing the trust calculation,
> incidentally also allowing for signatures from multiple CAs.

I'm not sure what you are talking about, a language barrier from my
side, sorry.

The CA in Germany (Governikus) i have used sends me my certified key
back to my email address and does not publish my pub key on key servers.

Regards
Stefan



Re: Remove public key from keyserver

2018-01-16 Thread Kristian Fiskerstrand
On 01/15/2018 09:23 PM, Stefan Claas wrote:
> No? I for one would like to be sure that i am the only person who
> can upload my public key to a key server directory.

This seems to be based on a misconception whereby you're attributing
properties of a certificate authority to the keyservers. OpenPGP already
has a method for certification from CAs, and that is by providing a
signature on the appropriate UID on the public keyblock. As long as the
signature is propagated on the keyserver network, these roles can be
appropriately isolated and the decision of whether or not to trust a
specific CA is left to the user performing the trust calculation,
incidentally also allowing for signatures from multiple CAs.

-- 

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk

Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

Fabricando fit faber
Practice makes perfect





Re: Remove public key from keyserver

2018-01-16 Thread Stefan Claas

On 16.01.2018 at 10:18, Werner Koch wrote:
> On Tue, 16 Jan 2018 09:46, stefan.cl...@posteo.de said:
>
>> and add some funny things to "your" public key. This would be
>> also interesting to see how many signatures a public key can bear.
>
> You may look at my key to see funny things and thousands of key
> signatures from made up users.  They print a message if viewed in a
> keyserver listing.
>
> Right, these key signatures allow for a DoS and eventually we should do
> something about them.  As of now I resort to
>
> import-filter drop-sig=   sig_created_d=2015-12-24
> import-filter drop-sig=|| sig_created_d=2016-03-16
> import-filter drop-sig=|| sig_created_d=2016-03-19
> import-filter drop-sig=|| sig_created_d=2016-03-20
>
> to keep my _local_ copy of the key at a reasonable size.

I have read also once on Wikipedia that a DoS is possible,
but the Wiki article gives no figures on how many signatures are
needed to carry out such an attack.

And what would be your proposal to eventually circumvent this?

Regards
Stefan



Re: Remove public key from keyserver

2018-01-16 Thread Werner Koch
On Tue, 16 Jan 2018 09:46, stefan.cl...@posteo.de said:

> and add some funny things to "your" public key. This would be
> also interesting to see how many signatures a public key can bear.

You may look at my key to see funny things and thousands of key
signatures from made up users.  They print a message if viewed in a
keyserver listing.

Right, these key signatures allow for a DoS and eventually we should do
something about them.  As of now I resort to

import-filter drop-sig=   sig_created_d=2015-12-24
import-filter drop-sig=|| sig_created_d=2016-03-16
import-filter drop-sig=|| sig_created_d=2016-03-19
import-filter drop-sig=|| sig_created_d=2016-03-20

to keep my _local_ copy of the key at a reasonable size.



Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
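
One way to find the dates to put into a filter like the one in the message above, as an added example that is not part of the original post: count certifications per creation day in `gpg --with-colons --list-sigs` output and emit `import-filter` lines in the shape shown there. The listing is constructed, the threshold is an arbitrary choice, and days are computed in UTC, which is an assumption about how the filter date is compared.

```python
# Added illustration: spot signature floods by creation day.
from collections import Counter
from datetime import datetime, timezone


def build_sample():
    """Constructed colon-format records (not real keys or signatures)."""
    def ts(y, m, d, h):
        return int(datetime(y, m, d, h, tzinfo=timezone.utc).timestamp())

    lines = [
        "pub:-:4096:1:0123456789ABCDEF:1262304000:::-:::scESC:",
        "uid:-::::1262304000::PLACEHOLDER::Example User <user@example.org>:",
    ]
    # Ordinary certifications spread over several years.
    for n, (y, m, d) in enumerate([(2011, 5, 2), (2013, 9, 14),
                                   (2015, 12, 24), (2017, 1, 8)]):
        lines.append(f"sig:::1:AAAA00000000{n:04X}:{ts(y, m, d, 10)}::::Peer {n}:10x:")
    # Two bursts of made-up signers.
    for n in range(40):
        lines.append(f"sig:::1:BBBB00000000{n:04X}:{ts(2015, 12, 24, n % 24)}::::Made Up {n}:10x:")
    for n in range(25):
        lines.append(f"sig:::1:CCCC00000000{n:04X}:{ts(2016, 3, 16, n % 24)}::::Made Up {n}:10x:")
    return "\n".join(lines)


def sig_days(listing):
    """Count `sig` records per creation day (field 6 of the colon format)."""
    days = Counter()
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] != "sig" or len(fields) < 6:
            continue
        created = fields[5]
        if "T" in created:                      # ISO form, e.g. 20151224T101500
            day = f"{created[:4]}-{created[4:6]}-{created[6:8]}"
        elif created.isdigit():                 # seconds since the epoch
            day = datetime.fromtimestamp(int(created), tz=timezone.utc).date().isoformat()
        else:
            continue
        days[day] += 1
    return days


def flood_days(days, threshold=20):
    """Days on which more than `threshold` signatures were created."""
    return sorted(day for day, count in days.items() if count > threshold)


def import_filter_lines(days):
    """gpg.conf lines in the same shape as the filter quoted in the message."""
    lines = []
    for i, day in enumerate(days):
        joiner = "   " if i == 0 else "|| "
        lines.append(f"import-filter drop-sig={joiner}sig_created_d={day}")
    return lines


if __name__ == "__main__":
    counts = sig_days(build_sample())
    for line in import_filter_lines(flood_days(counts)):
        print(line)
```

A date-based filter also drops any genuine certification made on the same day (one of the constructed "Peer" signatures falls on 2015-12-24), so review the per-day counts before adding a date.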




Re: Remove public key from keyserver

2018-01-16 Thread Stefan Claas

On 16.01.2018 at 00:32, Robert J. Hansen wrote:
> (Responding here because Stefan's message hasn't hit my mail server yet)

My previous message to you and the list was bounced from your mail server.

>>> It's from 2003.  It doesn't need modernization.
>>
>> No? I for one would like to be sure that i am the only person who can
>> upload my public key to a key server directory.
>
> Which is not a modernization issue.  It's a feature request, and the
> feature you're asking for is DRM.  Literally.  You're asking that the
> keyserver network be rewritten to give you the ability to manage how
> information, which you think belongs to you, gets shared: that's DRM.
> DRM schemes are awful and they don't work.

O.K. then it is a feature request. You also triggered something in me
with the words "which you think belongs to you".

If i am not mistaken you have also a keybase account, if not i apologize.
How about this; let's make "your" public key the ideal candidate for a
global trollwot session, where every GnuPG Linux user can participate
and add some funny things to "your" public key. This would be
also interesting to see how many signatures a public key can bear.

Maybe people can do also other things with "your" pub key and post
the used techniques here, like i did in the past with Erika Mustermann's
pub key and the added fake sig from Werner.

This would imho give you and people you talk to in conferences etc.
also a better view what i am talking about.

Best regards
Stefan








Re: Remove public key from keyserver

2018-01-16 Thread Werner Koch
On Mon, 15 Jan 2018 20:21, stefan.cl...@posteo.de said:

> O.k. Werner invented WKD which solves those problems, if i'm not
> mistaken, but is it besides keybase.io widely deployed?

Nope.  The Web Key Directory solves exactly one problem: How to
initially map a mail address to a key.  This directory is hosted by the
provider of the mail address because that is the only entity which
controls the mail address.  Once this mail address has been mapped
keyservers can be used to get revocations and updates of the key.

Unfortunately it is not yet widely supported; you can help to make it
better known.

I wonder why you seem to suggest the US based keybase.io as a better
solution.  After all keybase.io is a service which connects private data
to private data of other sites and that all in the public.  I would
consider this a real privacy problem compared to a public mail address
on a keyserver with no other associated private data.

The mail address is a technical necessity to send mail; mapping the mail
address to a key is a technical necessity to send encrypted mail.  So
what keyservers do is to provide a directory of public keys - in the
same way as white pages of the phone systems.  Nobody requires you to
enter your phone number / public key into a directory.  But if you want
to receive phone calls / encrypted mails you need to somehow publish
this data.  You can't remove your name from white pages either - they
used to be printed in sometimes millions of copies.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
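
How a client maps a mail address to a Web Key Directory lookup, and how the policy flags quoted in the WKD sub-thread are read, as an added example that is not part of the original posts and is not GnuPG code. It follows the direct URL layout of the WKD draft as understood here (newer revisions also append the local part as a query parameter); `needs_mailbox_only_uid` is a hypothetical helper and the addresses are constructed.

```python
# Added illustration: WKD lookup URL and policy flags.
import hashlib

ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32(data: bytes) -> str:
    """z-base-32 encode, most significant bits first."""
    bits = int.from_bytes(data, "big")
    nbits = len(data) * 8
    pad = (-nbits) % 5                  # pad to a multiple of 5 bits
    bits <<= pad
    nbits += pad
    return "".join(ZBASE32[(bits >> shift) & 31]
                   for shift in range(nbits - 5, -1, -5))


def wkd_hash(local_part: str) -> str:
    """SHA-1 of the local part with ASCII letters lowercased, z-base-32 encoded."""
    return zbase32(hashlib.sha1(local_part.encode("utf-8").lower()).digest())


def wkd_urls(address: str) -> dict:
    """Key and policy URLs served by the provider of the mail address."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an addr-spec: %r" % address)
    base = f"https://{domain.lower()}/.well-known/openpgpkey"
    return {"key": f"{base}/hu/{wkd_hash(local)}", "policy": f"{base}/policy"}


def parse_policy(text: str) -> dict:
    """Parse a policy file: '#' comments, one keyword per line, optional value."""
    flags = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        flags[key.strip().lower()] = value.strip() or True
    return flags


def needs_mailbox_only_uid(user_ids, address, flags) -> bool:
    """Hypothetical check: under mailbox-only, is an addr-spec-only user ID missing?"""
    if not flags.get("mailbox-only"):
        return False
    wanted = address.lower()
    plain = {uid.strip().strip("<>").lower() for uid in user_ids
             if " " not in uid.strip()}
    return wanted not in plain


# Policy text as quoted in the thread for posteo.de.
POLICY = """# Policy for draft-koch-openpgp-webkey-service-04
mailbox-only
auth-submit
"""

if __name__ == "__main__":
    print(wkd_urls("Joe.Doe@Example.ORG"))
    flags = parse_policy(POLICY)
    print(flags)
    print(needs_mailbox_only_uid(["Joe Doe <joe.doe@example.org>"],
                                 "joe.doe@example.org", flags))
```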




Re: Remove public key from keyserver

2018-01-15 Thread Robert J. Hansen
(Responding here because Stefan's message hasn't hit my mail server yet)

>>> It's from 2003.  It doesn't need modernization.
>>
>> No? I for one would like to be sure that i am the only person who can
>> upload my public key to a key server directory.

Which is not a modernization issue.  It's a feature request, and the
feature you're asking for is DRM.  Literally.  You're asking that the
keyserver network be rewritten to give you the ability to manage how
information, which you think belongs to you, gets shared: that's DRM.
DRM schemes are awful and they don't work.



Re: Remove public key from keyserver

2018-01-15 Thread Andrew Gallagher

> On 15 Jan 2018, at 21:13, Matthias Mansfeld wrote:
> 
> could this be implemented in a way that the _upload_ (not the 
> spreading between keyservers) requires signing? (unless it is a 
> revocation certificate)?

So long as there is one keyserver somewhere in the ecosystem that fails to 
enforce this, I don’t see the point...

A



Re: Remove public key from keyserver

2018-01-15 Thread Matthias Mansfeld
On 15 Jan 2018 at 21:23, Stefan Claas wrote:

> On Mon, 15 Jan 2018 15:00:34 -0500, Robert J. Hansen wrote:
> > > How long do we have now those old fashioned key servers  
> > 
> > SKS came out in 2003.  It largely replaced PKS, which was widely
> > considered old and broken.  SKS was Yaron Minsky's Ph.D thesis,
> > wherein he developed some really cutting-edge math to make key sync
> > fast and reliable.
> > 
> > "Old-fashioned" is not the phrase I'd use to describe something
> > considerably newer than GnuPG.
> > 
> > >, and was
> > > there ever been made attempts by the software maintainers to
> > > modernize the code  
> > 
> > It's from 2003.  It doesn't need modernization.
> 
> No? I for one would like to be sure that i am the only person who can
> upload my public key to a key server directory.
> 

could this be implemented in a way that the _upload_ (not the 
spreading between keyservers) requires signing? (unless it is a 
revocation certificate)?

> Example: Bob does some nasty things with Alice's key which she
> doesn't like, or better said hates. Since there is no key removal
> currently implemented how should she deal with that?

Or it may be desirable/necessary not to disclose connections between 
specific persons, User IDs etc., thus to remove critical signatures.

Regards
Matthias
--
OpenPGP: http://www.mansfeld-elektronik.de/gnupgkey/mansfeld.asc
Fingerprint: 6563 057D E6B8 9105 1CE4 18D0 4056 1F54 8B59 40EF




Re: Remove public key from keyserver (was: Hide UID From Public Key Server By Poison Your Key?)

2018-01-15 Thread Matthias Mansfeld
On 15 Jan 2018 at 18:53, Andrew Gallagher wrote:

> 
> > On 15 Jan 2018, at 16:39, Stefan Claas wrote:
> > 
> > Maybe we need (a court) case where a PGP user requests the removal of
> > his / her keys until the operators and code maintainers wake up?
> 
> You also need to prove that removal is technically possible. Otherwise
> all that such a court case will achieve is to shut down the
> keyservers.

OK, THIS should be basically possible to implement, in the same way 
like a new or updated key propagates itself. Not now but would be a 
good idea. And with no warranty however that this key  is not 
anywhere else backbackbackupped and eventually loaded up again

Exists any flag for pubkeys "please do never ever store this key on a 
keyserver", if not, would be a good idea, too. There are many reasons 
NOT to want a key on the keyservers.

Regards
Matthias
--
OpenPGP: http://www.mansfeld-elektronik.de/gnupgkey/mansfeld.asc
Fingerprint: 6563 057D E6B8 9105 1CE4 18D0 4056 1F54 8B59 40EF




Re: Remove public key from keyserver

2018-01-15 Thread Stefan Claas
On Mon, 15 Jan 2018 15:00:34 -0500, Robert J. Hansen wrote:
> > How long do we have now those old fashioned key servers  
> 
> SKS came out in 2003.  It largely replaced PKS, which was widely
> considered old and broken.  SKS was Yaron Minsky's Ph.D thesis,
> wherein he developed some really cutting-edge math to make key sync
> fast and reliable.
> 
> "Old-fashioned" is not the phrase I'd use to describe something
> considerably newer than GnuPG.
> 
> >, and have
> > there ever been attempts by the software maintainers to
> > modernize the code
> 
> It's from 2003.  It doesn't need modernization.

No? I for one would like to be sure that I am the only person who
can upload my public key to a key server directory.

Example: Bob does some nasty things with Alice's key which she
doesn't like, or better said hates. Since there is no key removal
currently implemented, how should she deal with that?

> Keyservers are designed the way they are for a reason.  If keyservers
> *never ever discard or modify existing data*, then you can easily
> identify any code which theoretically might be able to discard data
> as a bug, a vulnerability, or tampering with it by a malicious
> actor.  It makes code review easier and it makes it difficult for
> repressive regimes to surreptitiously take down certificates
> belonging to dissidents.
> 
> This "we never discard or modify existing data, we only ever add new
> data" rule has some *really really nice* properties for information
> security.  However, it also comes with a downside: we can't discard or
> modify existing data.
> 
> It's a package deal.  When SKS was being built in the early 2000s
> there were vigorous discussions about what properties we wanted in a
> keyserver.  We knew exactly what we were getting into.
> 
> Please, learn why it was built before you go about saying it was built
> badly.
> 
> > The old pgp.com key server solved those problems also nicely, if I
> > remember correctly.
> 
> I worked at PGP Security during that time period.  It really didn't.
> If we'd received a court order compelling us to remove a cert from the
> keyserver and not tell anyone, we could have complied.  That gave the
> flaming heebie-jeebies to at least three engineers on the floor,
> including the keyserver admin, a guy named Randy Harmon.
> 
> Whether you embrace a "our keyserver can delete things" or "our
> keyserver is delete-free" model, that decision has immediate
> consequences you will not like.

Well, I personally liked the option that I could delete my key.

https://support.symantec.com/en_US/article.TECH148870.html

Regards
Stefan


-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas



Re: Remove public key from keyserver

2018-01-15 Thread Robert J. Hansen
> Correct, but would it be really a big loss if we would lose all the
> old fashioned key servers tomorrow? For me not.

I personally know Syrians and Iranians who have given me bear hugs at
conferences when they hear I'm involved with GnuPG, Enigmail, and am on
the periphery of SKS.  A common theme with these people is they believe,
on the basis of reasonable evidence, that their governments are involved
in active campaigns to intercept and/or degrade communications,
including by CNO means.

I have been asked probably ten times in the past five years by
dissidents, "Can I trust the keyservers?  Is there any way to tamper
with the data on them?"

I have always told them the keyservers are trustworthy, and that they
are designed to never delete or modify existing data.  This seems to be
a great relief to those dissidents.  If the keyserver network were to go
away tomorrow, it would definitely impact people in repressive regimes.




Re: Remove public key from keyserver

2018-01-15 Thread Robert J. Hansen
> How long have we had those old fashioned key servers now

SKS came out in 2003.  It largely replaced PKS, which was widely
considered old and broken.  SKS was Yaron Minsky's Ph.D thesis, wherein
he developed some really cutting-edge math to make key sync fast and
reliable.

"Old-fashioned" is not the phrase I'd use to describe something
considerably newer than GnuPG.

>, and have
> there ever been attempts by the software maintainers to
> modernize the code

It's from 2003.  It doesn't need modernization.

Keyservers are designed the way they are for a reason.  If keyservers
*never ever discard or modify existing data*, then you can easily
identify any code which theoretically might be able to discard data as a
bug, a vulnerability, or tampering with it by a malicious actor.  It
makes code review easier and it makes it difficult for repressive
regimes to surreptitiously take down certificates belonging to dissidents.

This "we never discard or modify existing data, we only ever add new
data" rule has some *really really nice* properties for information
security.  However, it also comes with a downside: we can't discard or
modify existing data.

It's a package deal.  When SKS was being built in the early 2000s there
were vigorous discussions about what properties we wanted in a
keyserver.  We knew exactly what we were getting into.

Please, learn why it was built before you go about saying it was built
badly.

> The old pgp.com key server solved those problems also nicely, if I
> remember correctly.

I worked at PGP Security during that time period.  It really didn't.  If
we'd received a court order compelling us to remove a cert from the
keyserver and not tell anyone, we could have complied.  That gave the
flaming heebie-jeebies to at least three engineers on the floor,
including the keyserver admin, a guy named Randy Harmon.

Whether you embrace a "our keyserver can delete things" or "our
keyserver is delete-free" model, that decision has immediate
consequences you will not like.
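
A toy model of the trade-off described in the message above, as an added example that is not part of the original thread and is not SKS code. Plain set union stands in for SKS's set reconciliation, and the class, the function names and the fingerprint are made up for illustration. It shows the audit property of the never-discard rule and why a deletion on one server does not survive the next sync with a peer.

```python
"""Toy model of an append-only, gossiping keyserver pool (constructed example)."""
from dataclasses import dataclass, field


@dataclass
class Keyserver:
    name: str
    # fingerprint -> set of packets (UIDs, signatures, ...) ever seen for it
    store: dict = field(default_factory=dict)

    def submit(self, fpr, packets):
        """Append-only upload: new packets are unioned in, nothing is replaced."""
        self.store.setdefault(fpr, set()).update(packets)

    def snapshot(self):
        """Immutable copy of the current state, for later comparison."""
        return {fpr: frozenset(p) for fpr, p in self.store.items()}

    def sync_from(self, peer):
        """Gossip step: take the union with the peer's data (never a removal)."""
        for fpr, packets in peer.store.items():
            self.submit(fpr, packets)


def removed_since(before, after):
    """Audit check: every (fingerprint, packet) present before but not after.

    Under the never-discard rule this list must be empty; anything in it
    is a bug or tampering.
    """
    missing = []
    for fpr, packets in before.items():
        for pkt in sorted(packets - after.get(fpr, frozenset())):
            missing.append((fpr, pkt))
    return missing


def demo():
    a, b = Keyserver("a"), Keyserver("b")
    fpr = "FPR-ALICE"  # constructed placeholder, not a real fingerprint
    a.submit(fpr, {"uid:Alice <alice@example.org>", "sig:self"})
    b.sync_from(a)
    b.submit(fpr, {"sig:bob"})  # a third party adds a signature on server b
    a.sync_from(b)

    before = a.snapshot()
    del a.store[fpr]            # the operator of `a` removes the key locally
    audit = removed_since(before, a.snapshot())  # the removal is detectable
    a.sync_from(b)              # next gossip round with a peer that kept it
    return audit, a.snapshot() == before  # the data is back after the sync


if __name__ == "__main__":
    audit, restored = demo()
    print("removed packets flagged by audit:", audit)
    print("state restored by next sync:", restored)
```
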



Re: Remove public key from keyserver

2018-01-15 Thread Robert J. Hansen
> Maybe we need (a court) case where a PGP user requests the removal
> of his / her keys until the operators and code maintainers wake up?

Already happened back in 2010.

https://lists.nongnu.org/archive/html/sks-devel/2010-09/msg9.html



Re: Remove public key from keyserver

2018-01-15 Thread Robert J. Hansen
> I was just thinking, would it be possible to have a tag (a UID with
> special meaning, like “please-remove...@srs-keyservers.net”?) for which
> the signature would be verified by the keyserver, and that would cause
> it to drop everything from its storage apart from this tag?

Nope.  SKS has no cryptographic code in it.  It does no evaluation of
certificates or signatures.

Adding this feature would require a vast amount of effort to add RFC4880
signature verification into the core of SKS.  And it would also destroy
one of the design goals of SKS, which is "the keyserver never discards
data".

To implement this would require a completely new keyserver
implementation, one with considerably more code, which would *by design*
drop certificates.  I'd say it would take about five years for such a
re-work to come to maturity and be trusted.  So yes, it can be done, but
it's not something to be done lightly, nor without a ton of buy-in from
the existing keyserver community.

> That said I guess ideas like this have already likely been discussed before?

Many times.  There appears to be no easy fix.




Re: Remove public key from keyserver

2018-01-15 Thread Stefan Claas
On Mon, 15 Jan 2018 18:53:26 +, Andrew Gallagher wrote:
> > On 15 Jan 2018, at 16:39, Stefan Claas 
> > wrote:
> > 
> > Maybe we need (a court) case where a PGP user requests the removal
> > of his / her keys until the operators and code maintainers wake
> > up?  
> 
> You also need to prove that removal is technically possible.
> Otherwise all that such a court case will achieve is to shut down the
> keyservers.

Correct, but would it be really a big loss if we would lose all the
old fashioned key servers tomorrow? For me not.

Regards
Stefan

-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas



Re: Remove public key from keyserver

2018-01-15 Thread Stefan Claas
On Mon, 15 Jan 2018 19:47:39 +0100, Peter Lebbing wrote:
> On 15/01/18 17:39, Stefan Claas wrote:
> > Maybe we need (a court) case where a PGP user requests the removal
> > of his / her keys until the operators and code maintainers wake
> > up?  
> 
> Wow, you're entertaining an interesting notion of what is "needed"!
> 
> Let's hope most people will just let keyserver operators alone while
> they offer their kind service for free to the world.
> 
> What is "needed" if you must, is someone thinking of a way to
> incorporate cryptographic validation into the whole gossip and what
> not process. Not turning loose the lawyers on people offering a free
> service. I can't believe what I'm hearing here. Just, wow.

How long have we had those old fashioned key servers now, and have
there ever been attempts by the software maintainers to
modernize the code, like you are saying, incorporating crypto
validation?

O.k. Werner invented WKD which solves those problems, if I'm not
mistaken, but is it besides keybase.io widely deployed?

The old pgp.com key server solved those problems also nicely, if I
remember correctly.

Regards
Stefan

-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas



Re: Remove public key from keyserver (was: Hide UID From Public Key Server By Poison Your Key?)

2018-01-15 Thread Andrew Gallagher

> On 15 Jan 2018, at 16:39, Stefan Claas  wrote:
> 
> Maybe we need (a court) case where a PGP user requests the removal
> of his / her keys until the operators and code maintainers wake up?

You also need to prove that removal is technically possible. Otherwise all that 
such a court case will achieve is to shut down the keyservers.

A



Re: Remove public key from keyserver

2018-01-15 Thread Peter Lebbing
On 15/01/18 17:39, Stefan Claas wrote:
> Maybe we need (a court) case where a PGP user requests the removal
> of his / her keys until the operators and code maintainers wake up?

Wow, you're entertaining an interesting notion of what is "needed"!

Let's hope most people will just let keyserver operators alone while
they offer their kind service for free to the world.

What is "needed" if you must, is someone thinking of a way to
incorporate cryptographic validation into the whole gossip and what not
process. Not turning loose the lawyers on people offering a free
service. I can't believe what I'm hearing here. Just, wow.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 





Re: Remove public key from keyserver (was: Hide UID From Public Key Server By Poison Your Key?)

2018-01-15 Thread Stefan Claas
On Mon, 15 Jan 2018 17:14:40 +0100, Jason Lawrence wrote:
> > That said I guess ideas like this have already
> > likely been discussed before?  
> 
> Good luck with that, a similar discussion has
> been held for years and nothing ever changed. Last
> time I checked, a discussion in 2005 was labeled
> as "Remove public key from keyserver No.74"
>  
> 
> Sent: Monday, January 15, 2018 at 4:14 PM
> From: "Leo Gaspard" <l...@gaspard.io>
> To: gnupg-users@gnupg.org
> Subject: Remove public key from keyserver (was: Re: Hide UID From
> Public Key Server By Poison Your Key?)
> On 01/15/2018 08:13 AM, Robert J. Hansen wrote:
> >> Since you can never remove
> >> anything from the public key server, You are
> >> wondering if you can add something to it -- for
> >> example, add another 100 of UIDs with other
> >> people's real name and emails so people can not
> >> find out which one is yours, and append another
> >> 100 of digital signature so people get tired
> >> before figure out which one is from valid user.  
> >
> > I rarely use language like this, but this time I think it's
> > warranted:
> >
> > This is a total dick move. Don't do this. You'll make yourself a lot
> > of enemies, and if you pick the wrong real names and emails, some of
> > those people are pretty damn good at figuring out what's going on.
> >
> > Don't put real names and emails belonging to other people on your
> > cert. It's *rude*. If someone goes looking for "Robert J. Hansen
> > <r...@sixdemonbag.org>" I want them to see one cert is newest and I
> > want them to use that one. If you go about putting my name and
> > email address on your cert, I'm going to get cross.
> >
> > Again: this is a total dick move. Don't do this.  
> 
> That said, it raises the interesting question of revocation of data on
> keyservers (and the associated legal issues in operating keyservers,
> as the operator is supposed to comply with requests to remove
> personally-identifiable information from it).
> 
> I was just thinking, would it be possible to have a tag (a UID with
> special meaning, like “please-remove...@srs-keyservers.net”?) for
> which the signature would be verified by the keyserver, and that
> would cause it to drop everything from its storage apart from this
> tag? This way the “please remove me” tag would just naturally
> propagate across keyservers, and all up-to-date-enough keyservers
> will drop all the data associated with the key except the tag and the
> master public key (basically, the strict minimum to check the said
> tag).
> 
> That said I guess ideas like this have already
> likely been
> discussed before?

Maybe we need (a court) case where a PGP user requests the removal
of his / her keys until the operators and code maintainers wake up?

Or PGP users simply forget those old fashioned geek key servers
and use modern solutions like keybase.io for example.

https://en.wikipedia.org/wiki/Right_to_be_forgotten

Regards
Stefan

-- 
https://www.behance.net/futagoza
https://keybase.io/stefan_claas



Re: Remove public key from keyserver (was: Hide UID From Public Key Server By Poison Your Key?)

2018-01-15 Thread Jason Lawrence
> That said I guess ideas like this have already
> likely been discussed before?

Good luck with that, a similar discussion has
been held for years and nothing ever changed. Last
time I checked, a discussion in 2005 was labeled
as "Remove public key from keyserver No.74"
 

Sent: Monday, January 15, 2018 at 4:14 PM
From: "Leo Gaspard" <l...@gaspard.io>
To: gnupg-users@gnupg.org
Subject: Remove public key from keyserver (was: Re: Hide UID From Public Key 
Server By Poison Your Key?)
On 01/15/2018 08:13 AM, Robert J. Hansen wrote:
>> Since you can never remove
>> anything from the public key server, You are
>> wondering if you can add something to it -- for
>> example, add another 100 of UIDs with other
>> people's real name and emails so people can not
>> find out which one is yours, and append another
>> 100 of digital signature so people get tired
>> before figure out which one is from valid user.
>
> I rarely use language like this, but this time I think it's warranted:
>
> This is a total dick move. Don't do this. You'll make yourself a lot
> of enemies, and if you pick the wrong real names and emails, some of
> those people are pretty damn good at figuring out what's going on.
>
> Don't put real names and emails belonging to other people on your cert.
> It's *rude*. If someone goes looking for "Robert J. Hansen
> <r...@sixdemonbag.org>" I want them to see one cert is newest and I want
> them to use that one. If you go about putting my name and email address
> on your cert, I'm going to get cross.
>
> Again: this is a total dick move. Don't do this.

That said, it raises the interesting question of revocation of data on
keyservers (and the associated legal issues in operating keyservers, as
the operator is supposed to comply with requests to remove
personally-identifiable information from it).

I was just thinking, would it be possible to have a tag (a UID with
special meaning, like “please-remove...@srs-keyservers.net”?) for which
the signature would be verified by the keyserver, and that would cause
it to drop everything from its storage apart from this tag? This way the
“please remove me” tag would just naturally propagate across keyservers,
and all up-to-date-enough keyservers will drop all the data associated
with the key except the tag and the master public key (basically, the
strict minimum to check the said tag).

That said I guess ideas like this have already likely been discussed before?



Remove public key from keyserver (was: Re: Hide UID From Public Key Server By Poison Your Key?)

2018-01-15 Thread Leo Gaspard
On 01/15/2018 08:13 AM, Robert J. Hansen wrote:
>> Since you can never remove
>> anything from the public key server, You are
>> wondering if you can add something to it -- for
>> example, add another 100 of UIDs with other
>> people's real name and emails so people can not
>> find out which one is yours, and append another
>> 100 of digital signature so people get tired
>> before figure out which one is from valid user.
> 
> I rarely use language like this, but this time I think it's warranted:
> 
> This is a total dick move.  Don't do this.  You'll make yourself a lot
> of enemies, and if you pick the wrong real names and emails, some of
> those people are pretty damn good at figuring out what's going on.
> 
> Don't put real names and emails belonging to other people on your cert.
> It's *rude*.  If someone goes looking for "Robert J. Hansen
> <r...@sixdemonbag.org>" I want them to see one cert is newest and I want
> them to use that one.  If you go about putting my name and email address
> on your cert, I'm going to get cross.
> 
> Again: this is a total dick move.  Don't do this.

That said, it raises the interesting question of revocation of data on
keyservers (and the associated legal issues in operating keyservers, as
the operator is supposed to comply with requests to remove
personally-identifiable information from it).

I was just thinking, would it be possible to have a tag (a UID with
special meaning, like “please-remove...@srs-keyservers.net”?) for which
the signature would be verified by the keyserver, and that would cause
it to drop everything from its storage apart from this tag? This way the
“please remove me” tag would just naturally propagate across keyservers,
and all up-to-date-enough keyservers will drop all the data associated
with the key except the tag and the master public key (basically, the
strict minimum to check the said tag).

That said I guess ideas like this have already likely been discussed before?
