On 01/16/2018 05:42 PM, Robert J. Hansen wrote: >> The mechanism to prove you are the owner of a public key is pretty much >> in place :-). A mechanism where you can have a signed statement saying >> "on 2018-01-16, I allow my key to show up on keyservers" > > It is theoretically and practically possible to have a keyserver that > honors such requests, but what many people want is *enforcement*. Not > merely a voluntary system that's trivially circumventable, but some > mechanism by which their public keys can be actively kept out of > circulation.
Well, if such requests were honored, this would fix the OP's answer (ie. “how do I hide the fact I mistakenly associated two unrelated UIDs on my key”, if I understood correctly), as well as requests pertaining to the EU's “right to be forgotten” (modulo people who would have lost their private key and still claim this right, but I guess the extraordinary measures taken for the last time it was invoked would still be possible). So that's at least a good part of the current problem solved, I think -- though obviously nothing close to the nightmare scenario or people wanting to DRM their keys. Also, there are flaws with this approach (like after a private key compromise, it would allow to prevent dissemination of the revocation certificate) [1], but fixes like allowing the statement to be “on 2018-04-01, please expose only the master key and its revocation certificate(s) to clients” would likely handle this particular issue. All I'm saying is that a system like this one is not a silver bullet solution, but may handle a few of the current complaints against the SKS network? [1] It looks like Kristian has written more about it during my typing this mail if I can guess from Peter's answer, though Kristian's mail didn't land in my mailbox yet. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users