On Mon, 15 Jan 2018 17:14:40 +0100, Jason Lawrence wrote: > > That said I guess ideas like this have already > > likely been discussed before? > > Good luck with that, the similar discussing has > been hold years and nothing ever changed. Last > time I checked, a discussing in 2005 was labeled > as "Remove public key from keyserver No.74" > > > Sent: Monday, January 15, 2018 at 4:14 PM > From: "Leo Gaspard" <l...@gaspard.io> > To: gnupg-users@gnupg.org > Subject: Remove public key from keyserver (was: Re: Hide UID From > Public Key Server By Poison Your Key?) On 01/15/2018 08:13 AM, Robert > J. Hansen wrote:>> Since you can never remove > >> anything from the public key server, You are > >> wondering if you can add something to it -- for > >> example, add another 100 of UIDs with other > >> people's real name and emails so people can not > >> find out which one is yours, and append another > >> 100 of digital signature so people get tired > >> before figure out which one is from valid user. > > > > I rarely use language like this, but this time I think it's > > warranted: > > > > This is a total dick move. Don't do this. You'll make yourself a lot > > of enemies, and if you pick the wrong real names and emails, some of > > those people are pretty damn good at figuring out what's going on. > > > > Don't put real names and emails belonging to other people on your > > cert. It's *rude*. If someone goes looking for "Robert J. Hansen > > <r...@sixdemonbag.org>" I want them to see one cert is newest and I > > want them to use that one. If you go about putting my name and > > email address on your cert, I'm going to get cross. > > > > Again: this is a total dick move. Don't do this. > > That said, it raises the interesting question of revocation of data on > keyservers (and the associated legal issues in operating keyservers, > as the operator is supposed to comply with requests to remove > personally-identifiable information from it). > > I was just thinking, would it be possible to have a tag (a UID with > special meaning, like “please-remove...@srs-keyservers.net”?) for > which the signature would be verified by the keyserver, and that > would cause it to drop everything from its storage apart from this > tag? This way the “please remove me” tag would just naturally > propagate across keyservers, and all up-to-date-enough keyservers > will drop all the data associated with the key except the tag and the > master public key (basically, the strict minimum to check the said > tag). > > That said I guess ideas like this have already > lhttps://en.wikipedia.org/wiki/Right_to_be_forgottenikely been > discussed before?
Maybe we need (a court) case were a PGP user requests the removal of his / her keys until the operators and code maintainers wake up? Or PGP users simply forget those old fashioned geek key servers and use modern solutions like keybase.io for example. https://en.wikipedia.org/wiki/Right_to_be_forgotten Regards Stefan -- https://www.behance.net/futagoza https://keybase.io/stefan_claas _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
