On 27 May 2016, at 15:35, Christoph Egger <christ...@christoph-egger.org> wrote: > > These bulk bullshit submissions are the mostly-harmless branch of the > problem. The way more pressing thing is > > a) distributing unlawfull / unethical data and having no way to get > rid of it (starting from copyright infringement to *really* bad > stuff) > b) Dealing with legal requests to delete personal information (which > is a "problem" in several jurisdications) > > The fake bulk signatures are certain annoying but not much more than that.
Yes, there are two separate problems at work here: the lesser one being spam and the greater one being warez. Anyone can create and publish a certification signature - this is an inherent feature of pgp and constraining it to "nice" behaviour will be Very Hard Indeed. Being analogous to spam I suspect any solutions will necessarily be similar to anti spam. (NB PoW has been proposed for anti spam purposes also, but notably never implemented) On the other hand, any pgp packet capable of storing warez (ie text or image ID) has to be signed by the primary key. This constrains the problem somewhat. It also partially underlies the spam issue because any use of signature spam beyond DoS requires something meaningful to be contained within an ID packet. I don't have the solution, but the "malicious ID packet" problem stems from two of the axioms underlying sks, and it is probably infeasible to change either of them: A) there is no authoritative source or traceability attached to any information; once it is in the system its provenance is treated as irrelevant, and forgotten. B) deletion of information is treated as damage, and the system works around it. Fix that and you fix the problem. A _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel