> On 16 Aug 2019, at 22:45 , Stefan Claas <s...@300baud.de> wrote: > > O.k. I understand your point, but what I like to say is that I or anybody > else can download a dump without running a key server. While running a > key server requires a dump, it would be really nice if dumps are only > available to a (trusted) pool of operators, as long as the current SKS > model is still available on the Internet.
Well… here you’ll have to define “trusted”… Am I (being a South African with SKS servers in South Africa, France, Canada & Singapore) being trust worthy for a GDPR? Which of my servers may or may not peer with each other as a side note? Now if I load a dump in FRance, may I peer with my RSA server? or should I load the dump in RSA and peer with my France server? If I receive a GDPR take down, does it only apply to my server(s) in France, or what if my RSA servers are providing a VPN/TOR endpoint via a FRance server, is that also under the GDPR? The fact that the dumps exist, ACROSS THE GLOBE, makes any GDPR related discussion IMHO a very mute point once the data have entered the SKS server network. It’s like unseeing a naked photo of person… it’s just not “possible”. I would echo what everybody should know and understand: a PUBLIC KEY is by definition *PUBLIC*, NOTHING PRIVATE about it… BY DEFINITION. SKS network contains *PUBLIC* keys. It’s purpose, is to PUBLICLY make your communications, signed/etc. with the associated *private* key, by directed to you and associated with you to proof that it was *you* that signed/produced/etc. that piece of communication. That purpose would be to know that the communication was not forged as you, and thus people can take that piece of communications as being your words spoken and trusted as it was not somebody else faked you. It is also a mechanism that you can receive communications, meant only for your eyes (I meant *private* key :) )that nobody else can decode (given they’ve not compromised your private key). The fact that the SKS network had been and probably will still be abused/DoSed/etc. we can’t deny, but once people becomes silly, as I see this whole GDPR discussions have been, I have but one set of advice: Either you fix it, or you get out of the SKS server network… let those that run the SKS servers have the pains/legal battles/etc. when they are attacked by the GDPR enforcers, we’ll fight that battle, no need to make our lives worse off if you can’t add positive value… Yours enjoying his pop-corn reading these debates Hendrik
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel