Hi, > This is not the sks-server to decide whether the key or data needs to > be modified or suppressed. > The danger is that someone or organistaion manipulates a sks server > for others to accept without audits.
I think it's not about the risk of keyserver "manipulation", it's about the presence of faked keys. If I get the last lawsuite right, the payload of someones key with a faked email address was problematic. > I think this is the openpgp and Gnupgp to modify the program and add: > > 1- revoke the key without deleting data > 2 - revoke the key and delete data > Then sks-server respect the orders of the owner of the private key For legitimate owners that's the usual way. The worst scenario would be if someone lost it's private key, and is subsequently unable to revoke the public one. Personally, I'm currently very undecided how (or even if) the keyservers could prevent misusage. I have to talk with some of my collegues, one of them happens to be lawyer. I'll get back to the list, after getting more informations ;) cheers, - Stephan
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel