On Fri, Oct 21, 2005 at 11:47:06PM +0200, B. Kuestner wrote:
> I'm still in the process of learning how to use GPG for signing and
> encrypting messages. I use MacGPG on, you guessed it, OS X.
>
> The interface of the GPG Keychain app makes it really easy to do some
> powerful stuff. And you know how it is, if powerful stuff is put in
> the hands of ignorant people:
>
> Now I'm stuck with what you never want to get stuck with: I have keys
> on the keyserver that I don't want to be there and I don't want have
> the private key anymore. The keys are of unlimited validity.
>
> I have the passphrase, though, and I thought that this must be the
> key (no pun intended) to everything. Unfortunately, the more I read
> about it, the more I learn how wrong I am.
>
> I understand that technically there is no software command that I
> could send off anywhere that could fix the situation, right?

If you don't have the private key, then yes, right. There is nothing
you can do about it.

> But somebody must be owning and administrating the keyserver
> subkeys.pgp.net. How can I get to this person? And how can I prove
> that I am the rightful fool to request deletion of those keys from
> the server?

You really can't. Even if one operator did remove the key, keyservers
synchronize with each other, so the others could just put it back
later. You'd have to remove it from all keyservers... and even then
if someone accidentally resubmitted it, you'd have to go through this
again.

> I cannot believe that minutes of stupidity will leave the servers
> running with in a sense corrupt entries for the rest of the lifetime
> of gpg/pgp technologies. Surely this whole scheme must have a method,
> maybe manual and not-free support, for such a scenario?

Nope. It's an inherent scaling problem of the keyserver net. I've
seen estimates that the majority of the keys on the keyserver net are
not used for one reason or another, but can't be deleted. Even with
the garbage keys, the keyserver database isn't too large to be served
though.

The PGP company is running a different sort of keyserver at
http://keyserver.pgp.com. This type of keyserver allows you to remove
keys if you can prove (by answering an email challenge) that you have
access to the email address on the key. This keyserver obviously does
not synchronize with the others, however.

David
