Re: Remove public key from keyserver

On Wed, 17 Jan 2018 09:42:07 +0100, Werner Koch wrote: > On Tue, 16 Jan 2018 20:37, stefan.cl...@posteo.de said: > > > users who uploaded their public keys on key servers would not > > reveal that they know each other as shown with their signatures, > > which the classical WoT somehow requires,

Re: Remove public key from keyserver

On Tue, 16 Jan 2018 20:37, stefan.cl...@posteo.de said: > users who uploaded their public keys on key servers would not > reveal that they know each other as shown with their signatures, > which the classical WoT somehow requires, instead of using local sigs. I do not know most of the people

Re: Remove public key from keyserver

On 01/16/2018 11:40 AM, Stefan Claas wrote: > Am 16.01.2018 um 11:12 schrieb Kristian Fiskerstrand: > >> On 01/15/2018 09:23 PM, Stefan Claas wrote: >>> No? I for one would like to be sure that i am the only person who >>> can upload my public key to a key server directory. >> This seems to be

Re: Remove public key from keyserver

On 01/16/2018 08:37 PM, Stefan Claas wrote: >> I know, but keybase.io's goal is (or was, back when I tested it) to >> use those connections to somehow prove an identity. It is a neat >> idea for the facebook generation. Privacy is something different. > Agreed. But the word privacy would then

Re: WKD was Remove public key from keyserver

On Tue, 16 Jan 2018 19:51:17 +0100, Werner Koch wrote: > We definitely want to refine some things there but that requires a > wider deployment. I will for sure follow the WKD development and hope that also more mail providers will offer a WKD service. > > i have with posteo's WKD

Re: Remove public key from keyserver

On Tue, 16 Jan 2018 19:36:30 +0100, Werner Koch wrote: > On Tue, 16 Jan 2018 16:34, stefan.cl...@posteo.de said: > > > the public key. He / she is not forced to provide any identity via > > other web sites etc. Doing this is a method they have implemented > > as sort > > I know, but

Re: Remove public key from keyserver

On Tue, 16 Jan 2018 16:34, stefan.cl...@posteo.de said: > the public key. He / she is not forced to provide any identity via other > web sites etc. Doing this is a method they have implemented as sort I know, but keybase.io's goal is (or was, back when I tested it) to use those connections to

Re: Remove public key from keyserver

> Understood, but what speaks against a (syncing) public key server > system like the old pgp.com key server was, compared to the regular > key servers, which don't allow deletion of a key, by the owner and if > i remember correctly also only upload by the owner. The pgp.com keyserver had some

WKD was Remove public key from keyserver

On Tue, 16 Jan 2018 08:52:44 +0100, Werner Koch wrote: > On Mon, 15 Jan 2018 20:21, stefan.cl...@posteo.de said: > > > O.k. Werner invented WKD which solves those problems, if i'm not > > mistaken, but is it besides keybase.io widely deployed? > > Nope. The Web Key Directory solves exactly

Re: Remove public key from keyserver

> O.K. than it is a feature request. You also triggered something in me > with the words "which you think belongs to you". That's because you think information *does* belong to you. But information doesn't belong to anyone: the nature of information is that it has no owners. You can place

Re: Remove public key from keyserver

On Tue, 16 Jan 2018 08:52:44 +0100, Werner Koch wrote: > I wonder why you seem to suggest the US based keybase.io as a better > solution. After all keybase.io is a service which connects private > data to private data of other sites and that all in the public. I > would consider this a real

Re: Remove public key from keyserver

Am 16.01.2018 um 11:12 schrieb Kristian Fiskerstrand: On 01/15/2018 09:23 PM, Stefan Claas wrote: No? I for one would like to be sure that i am the only person who can upload my public key to a key server directory. This seems to be based on a misconception whereby you're attributing

Re: Remove public key from keyserver

On 01/15/2018 09:23 PM, Stefan Claas wrote: > No? I for one would like to be sure that i am the only person who > can upload my public key to a key server directory. This seems to be based on a misconception whereby you're attributing properties of a certificate authority to the keyservers.

Re: Remove public key from keyserver

Am 16.01.2018 um 10:18 schrieb Werner Koch: On Tue, 16 Jan 2018 09:46, stefan.cl...@posteo.de said: and add some funny things to "your" public key. This would be also interesting to see how many signatures a public key can bear. You may look at my key to see funny things and thousands of key

Re: Remove public key from keyserver

On Tue, 16 Jan 2018 09:46, stefan.cl...@posteo.de said: > and add some funny things to "your" public key. This would be > also interesting to see how many signatures a public key can bear. You may look at my key to see funny things and thousands of key signatures from made up users. They print

Re: Remove public key from keyserver

Am 16.01.2018 um 00:32 schrieb Robert J. Hansen: (Responding here because Stefan's message hasn't hit my mail server yet) My previous message to you and the list was bounced from your mail server. It's from 2003. It doesn't need modernization. No? I for one would like to be sure that i am

Re: Remove public key from keyserver

On Mon, 15 Jan 2018 20:21, stefan.cl...@posteo.de said: > O.k. Werner invented WKD which solves those problems, if i'm not > mistaken, but is it besides keybase.io widely deployed? Nope. The Web Key Directory solves exactly one problem: How to initially map a mail address to a key. This

Re: Remove public key from keyserver

(Responding here because Stefan's message hasn't hit my mail server yet) >>> It's from 2003. It doesn't need modernization. >> >> No? I for one would like to be sure that i am the only person who can >> upload my public key to a key server directory. Which is not a modernization issue. It's a

Re: Remove public key from keyserver

> On 15 Jan 2018, at 21:13, Matthias Mansfeld > wrote: > > could this be implemented in a way that the _upload_ (not the > spreading between keyservers) requires signing? (unless it is a > revocation certificate)? So long as there is one keyserver

Re: Remove public key from keyserver

On 15 Jan 2018 at 21:23, Stefan Claas wrote: > On Mon, 15 Jan 2018 15:00:34 -0500, Robert J. Hansen wrote: > > > How long do we have now those old fashioned key servers > > > > SKS came out in 2003. It largely replaced PKS, which was widely > > considered old and broken. SKS was Yaron

Re: Remove public key from keyserver (was: Hide UID From Public Key Server By Poison Your Key?)

On 15 Jan 2018 at 18:53, Andrew Gallagher wrote: > > > On 15 Jan 2018, at 16:39, Stefan Claas > > wrote: > > > > Maybe we need (a court) case were a PGP user requests the removal of > > his / her keys until the operators and code maintainers wake up? > > You also need

Re: Remove public key from keyserver

On Mon, 15 Jan 2018 15:00:34 -0500, Robert J. Hansen wrote: > > How long do we have now those old fashioned key servers > > SKS came out in 2003. It largely replaced PKS, which was widely > considered old and broken. SKS was Yaron Minsky's Ph.D thesis, > wherein he developed some really

Re: Remove public key from keyserver

> Correct, but would it be really a big loss if we would loose all the > old fashioned key servers tomorrow? For me not. I personally know Syrians and Iranians who have given me bear hugs at conferences when they hear I'm involved with GnuPG, Enigmail, and am on the periphery of SKS. A common

Re: Remove public key from keyserver

> How long do we have now those old fashioned key servers SKS came out in 2003. It largely replaced PKS, which was widely considered old and broken. SKS was Yaron Minsky's Ph.D thesis, wherein he developed some really cutting-edge math to make key sync fast and reliable. "Old-fashioned" is not

Re: Remove public key from keyserver

> Maybe we need (a court) case were a PGP user requests the removal > of his / her keys until the operators and code maintainers wake up? Already happened back in 2010. https://lists.nongnu.org/archive/html/sks-devel/2010-09/msg9.html ___

Re: Remove public key from keyserver

> I was just thinking, would it be possible to have a tag (a UID with > special meaning, like “please-remove...@srs-keyservers.net”?) for which > the signature would be verified by the keyserver, and that would cause > it to drop everything from its storage apart from this tag? Nope. SKS has no

Re: Remove public key from keyserver

On Mon, 15 Jan 2018 18:53:26 +, Andrew Gallagher wrote: > > On 15 Jan 2018, at 16:39, Stefan Claas > > wrote: > > > > Maybe we need (a court) case were a PGP user requests the removal > > of his / her keys until the operators and code maintainers wake > > up? > >

Re: Remove public key from keyserver

On Mon, 15 Jan 2018 19:47:39 +0100, Peter Lebbing wrote: > On 15/01/18 17:39, Stefan Claas wrote: > > Maybe we need (a court) case were a PGP user requests the removal > > of his / her keys until the operators and code maintainers wake > > up? > > Wow, you're entertaining an interesting notion

Re: Remove public key from keyserver (was: Hide UID From Public Key Server By Poison Your Key?)

> On 15 Jan 2018, at 16:39, Stefan Claas wrote: > > Maybe we need (a court) case were a PGP user requests the removal > of his / her keys until the operators and code maintainers wake up? You also need to prove that removal is technically possible. Otherwise all that

Re: Remove public key from keyserver

On 15/01/18 17:39, Stefan Claas wrote: > Maybe we need (a court) case were a PGP user requests the removal > of his / her keys until the operators and code maintainers wake up? Wow, you're entertaining an interesting notion of what is "needed"! Let's hope most people will just let keyserver

Re: Remove public key from keyserver (was: Hide UID From Public Key Server By Poison Your Key?)

sing in 2005 was labeled > as "Remove public key from keyserver No.74" >   > > Sent: Monday, January 15, 2018 at 4:14 PM > From: "Leo Gaspard" <l...@gaspard.io> > To: gnupg-users@gnupg.org > Subject: Remove public key from keyserver (was: Re: Hide U

Re: Remove public key from keyserver (was: Hide UID From Public Key Server By Poison Your Key?)

> That said I guess ideas like this have already > likely been discussed before? Good luck with that, the similar discussing has been hold years and nothing ever changed. Last time I checked, a discussing in 2005 was labeled as "Remove public key from keyserver No.74"   Sent: Mo

Remove public key from keyserver (was: Re: Hide UID From Public Key Server By Poison Your Key?)

On 01/15/2018 08:13 AM, Robert J. Hansen wrote:>> Since you can never remove >> anything from the public key server, You are >> wondering if you can add something to it -- for >> example, add another 100 of UIDs with other >> people's real name and emails so people can not >> find out which one is