> I think the only reasonable solution is that every server operator gets a
> local blacklist that can be filled with keys / signatures / regex etc. and
> that only prevents matched entries from being saved to the database. To
> remove a key from all servers, all operators would need to add it to the
> blacklist then. This prevents abuse of the mechanism while giving easy,
> effective control over their own database to every server operator.
> 
> We could then discuss or suggest entries for the blacklist that everyone
> should add, but it would be the responsibility and choice of every admin to
> follow the suggestions.

In theory it could work.
However, we would have to maintain a blacklist as large
as the whole database.
The story reminds me of Google's automated deletion system.
It gets zillions of requests a day.

Another idea: the database must have a version number.
Key servers holding the same version may exchange keys unrestricted.
Servers with different versions exchange keys according to certain rules.
Every year or so we create a new, cleaned version of the database
and it gets a new version number.
So we don't need an endlessly growing blacklist. We select valuable
keys from the old (poisoned) version of the database into the new one.
Then the new one becomes the etalon that should reach every server.

Gabor
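To make the two proposals above concrete, here is an added toy model in Python (not part of the thread and not SKS code): an operator-local blocklist matched on key fingerprints, signing keys and user-ID regexes that is consulted before a key is saved, and a db_version gate on gossip between peers. The rule for peers on different versions is an assumption, since the thread leaves it open; Key, LocalBlocklist, KeyServer and the sample fingerprints are all constructed.

```python
import re
from collections import namedtuple

Key = namedtuple("Key", "fingerprint uids sig_issuers")  # constructed key record

class LocalBlocklist:
    """Operator-maintained filter: key fingerprints, signing keys, UID regexes."""
    def __init__(self, fingerprints=(), sig_issuers=(), uid_patterns=()):
        self.fingerprints, self.sig_issuers = set(fingerprints), set(sig_issuers)
        self.uid_patterns = [re.compile(p) for p in uid_patterns]

    def block_reason(self, key):
        if key.fingerprint in self.fingerprints:
            return "fingerprint"
        if self.sig_issuers.intersection(key.sig_issuers):
            return "signature"
        if any(p.search(u) for p in self.uid_patterns for u in key.uids):
            return "uid-regex"

class KeyServer:
    def __init__(self, db_version, blocklist):
        self.db_version, self.blocklist, self.db = db_version, blocklist, {}

    def store(self, key):
        """The blocklist is consulted at save time; a match never reaches the DB."""
        reason = self.blocklist.block_reason(key)
        if reason is None:
            self.db[key.fingerprint] = key
        return reason

    def pull_from(self, peer):
        """One gossip round.  Assumed rule (the thread leaves it open): a peer on an
        older db_version is the poisoned generation and is ignored entirely."""
        if peer.db_version < self.db_version:
            return {"skipped": "older-version"}
        result = {}  # outcome -> count, e.g. {"stored": 2, "signature": 1}
        for key in (k for k in peer.db.values() if k.fingerprint not in self.db):
            outcome = self.store(key) or "stored"
            result[outcome] = result.get(outcome, 0) + 1
        return result

def demo():
    old = KeyServer(1, LocalBlocklist())  # v1: poisoned, no local filtering
    for fp, uid, signers in [("AAAA", "alice@example.org", ()), ("BBBB", "bob@example.org", ("MALLORY",)),
                             ("CCCC", "x@spam.example", ()), ("DDDD", "dave@example.org", ())]:
        old.store(Key(fp, (uid,), signers))
    new = KeyServer(2, LocalBlocklist({"DDDD"}, {"MALLORY"}, [r"spam\.example"]))
    gated = new.pull_from(old)  # v1 data cannot flow into the v2 database
    old.db_version = 2          # the peer moves to the cleaned generation
    return gated, new.pull_from(old), sorted(new.db)  # now the blocklist decides
```

Running `demo()` shows the version gate refusing the whole v1 database first, and then, once the peer is on v2, the blocklist rejecting one key per criterion while the clean key is stored.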

_______________________________________________
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel