What if the approach was to either have a web of trust to whitelist users able to upload images, or even more stringent strip all image data.
Is image data essential to operating? I hardly ever look at the images, and these images could be shared via other means. The keyservers would continue to operate with keys and revocation keys but no image data? >From memory the image can be removed from any key locally, so there is no reason that on submission it could not be removed. Doesn't solve all the issues, but would prevent malicious use of our servers in a direct manor. On 25 Mar 2018 8:12 p.m., "brent s." <b...@square-r00t.net> wrote: On 03/25/2018 07:39 AM, Andrew Gallagher wrote: > >> On 25 Mar 2018, at 03:37, Phil Pennock <sks-devel-p...@spodhuis.org> wrote: >> >> Disappearance of >> public keyservers would be a major inconvenience, but not a disaster. > > Considering that keyservers are currently the only resilient way to distribute key revocations, I’m not sure I would be so sanguine. If I’m hosting my key exclusively on WKD or some other web based service, it would be easy to prevent key revocations from being distributed. Granted, revocation is imperfect at the best of times. But SKS is the best tool we have at the moment, and the ecosystem would be severely damaged without it. > > A > I strongly and vehemently agree with both sides. On a more serious note (albeit somewhat off-topic), and admittedly much less deplorable a consideration - has the topic of copyrighted material being distributed in keys (notably in the image data) come up at any point? I suggest the same mechanism used in this approach should also be applicable to those instances as well. Under DMCA in the US, keyserver operators would be liable for this data (as we would be "distributing" it) and responsible for its removal for compliance. I presume many other countries have similar copyright laws/stipulations as well. (Ironically, many if not all of agents for intellectual property reclamation have PGP keys themselves on our servers, as one of the stipulations for a DMCA's validity per § 512(c)(3)(A) (found here[0]) is "A[n] ... electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.") [0] https://www.law.cornell.edu/uscode/text/17/512 -- brent saner https://square-r00t.net/ GPG info: https://square-r00t.net/gpg-info _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel