Folks, Several times in the past years the problem of deleting keys on user request is discussed.
E.g. see this thread and remember why should Peter Pramberger get out of business: http://lists.nongnu.org/archive/html/sks-devel/2010-09/threads.html#00020 The fundamental problem was that some users want their keys to delete from _all_ key servers. As we have seen already this is not possible for technology reasons. If key removal is useful or desirable is a totally different question. Some guys argue against it saying it would make impossible to check digital signatures made by the deleted key. I reply: who cares? The situation is the same if the user never upload his/her public key to a key server. The problem is have to solve -- I think -- that users threaten key server operators with legal actions. I have a proposal that may a trade-off. IMHO most of the complaining users will accept that their keys remains in the database but they are not appear in search results. Technical implementation is the following: If a user wants to hide his/her key (s)he just have to add a special uid e.g. "Do not include in search results" or so. The search engine just should ignore these keys. However key could be retrieved by hex keyID that makes verifying of digitally signed mails possible if the user still uses the hidden key for signing in the future. Key servers refuse retrieval by username or e-mail address only. I repeat IMO a lot of peoples get satisfied with this offer. A potential second level: retrieval by keyID can be also disabled with a more strict uid, e.g. "Forget this f*ed key". :-) Yes. Very smart and desperate end users and their lawyers may point out that the key is actually NOT deleted, and an impostor can download a key dump and can open a private data mine. But I guess they are quite few. (Yet.) BTW. The dumper could also drop these keys. Also the recon process. Or does this consume too much resources? Gabor _______________________________________________ Sks-devel mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/sks-devel
