Re: [ESD-translators] privacy on the keyservers
From: Ineiev
Subject: Re: [ESD-translators] privacy on the keyservers
Date: Mon, 9 Apr 2018 13:33:07 -0400
User-agent: Mutt/1.5.21 (2010-09-15)

Hi, Tomas;
On Mon, Apr 09, 2018 at 10:45:57AM +0200, Tomas Stary wrote:
>
> > I have just thought more about the privacy on the keyservers.
> >
> > My worry is that when you sign keys of your friends and upload them to
> > the keyserver, everyone now knows who you communicate with.
It's up to you: if you don't want people to upload your signatures
on their keys, you don't send them their keys signed by you;
if they don't want your signatures on their keys to show up
on the keyservers, they don't upload the keys with your signatures
you sent them.
> > On the other hand, if you sign keys of complete strangers (although you
> > check their ID, access to the email), and they turn out to be evil, you
> > might be associated with them.
> >
> > You might protect yourself against that by never uploading the keys to
> > the keyserver, but then the network of trust is losing the point.
Your signature doesn't mean any support for those people, it only
means that you checked their identities (it may not mean even that
when your policy allows signing random people's keys without
any checks).
Again, it's up to you, you may not send your signatures to anybody
if you think it's more important than building the Web of Trust (many
people do).
> > What is your view on that? Shouldn't that be more emphasized in the esd
> > guide?
People may have extremely different opinions (for example, someone
suggested uploading one's private keys in certain cases). ESD seems
to recommend something more or less neutral.
> > Also, there doesn't seem to be a way to remove the key from the
> > keyserver other than revoke the key.
No, even if you revoke the key, it stays on the keyservers (NB the plural).
The system is append-only, for good reasons.
> > I'm not an expert on that, but
> > according to the new European regulation GDPR, someone who stores private
> > data must allow users to delete data about them.
Arguably, yes. Some unwise and antisocial user made the maintainer
of an Austrian keyserver shut it down, because keyservers don't
allow removing data (other keyservers still store the same data
in question).
> Another thought is that when I got my key uploaded on the keyserver it was
> not because I did actively do it. Instead one of my contacts did it when
> he synchronised his keys with the keyserver, i.e. I didn't give an
> explicit authorization for the upload.
Public keys are meant to be public, I think people just shouldn't rely on
them being private.
> Perhaps there could be some information embedded in the key that says if
> the upload to the keyserver is authorized, so that the keyserver rejects
> the keys of the users who didn't authorised publication of their data.
I believe this isn't implementable: e.g. if some keyservers don't honour
these flags, the keys would propagate between them, anyway.
> Also, I'm aware, that the keys can be generated using pseudonyms and
> anyone can upload a fake key to the keyserver, but still a lot of
> private information about real people can be found there as well.
I don't think there is a lot of private information. Most
if not all of that information is really public.