Discussion:
[Sks-devel] Withdrawal of Service - keys.flanga.io
Moritz Wirth
2018-11-15 22:56:07 UTC
Hello,

keys.flanga.io will cease operation - we received a request to remove
some keys and since we are unable to do this, we will shut down all
keyservers and erase all relevant databases immediately.

Best Regards,

Moritz
Georg Faerber
2018-11-15 22:58:37 UTC
Hi,
Post by Moritz Wirth
keys.flanga.io will cease operation - we received a request to remove
some keys and since we are unable to do this, we will shut down all
keyservers and erase all relevant databases immediately.
Would it be possible to share this request, omitting sensitive details?

Cheers,
Georg
Fabian A. Santiago
2018-11-15 23:23:43 UTC
Wow! I’d love to see that as well.

I just saw Kristian’s post with his email exchange. It’s a shame the situation is going down like this. I do hope a proper solution can be found so I and hopefully others can return to contributing to the network, should the mode of operation dictate and stay this way.

--

Thanks,

Fabian S.

OpenPGP:

0x643082042DC83E6D94B86C405E3DAA18A1C22D8F
Kristian Fiskerstrand
2018-11-15 23:29:21 UTC
Post by Fabian A. Santiago
Wow! I’d love to see that as well.
I just saw Kristian’s post with his email exchange. It’s a shame the
situation is going down like this. I do hope a proper solution can be
found so I and hopefully others can return to contributing to the
network, should the mode of operation dictate and stay this way.
Sadly we've had this situation happening several times in the past as
well, the GDPR rules aren't actually novel in Europe. There is however a
lot of FUD involved in it, and the actual legal action for a keyserver
to be shut down has yet to be seen (on a non-voluntary basis). I'm happy
to stay up for a while until we see any actual legal challenge to it.

In any case, the discussions we've seen lately aren't really about
security; nor really about privacy; they are about argumentum ad hominem
against the operators of the traditional keyserver network, in favor of
alternative communication channels and in particular certificate
authorities in the form of "validating keyservers". I don't care much
for them for various reasons, but I also don't mind them being a part of
the ecosystem (as long as users understand their position).
--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"Expect the best. Prepare for the worst. Capitalize on what comes."
(Zig Ziglar)
Mike
2018-11-15 23:40:39 UTC
You seem to sidestep every time. The keyserver software is broken, and isn't being fixed, and is proving unstable.

You have gotten complaints from admins about it and some have shut down their servers because of it.
Why is nothing being done to fix these issues?

Each admin is legally at risk both from copyright material ending up on the servers they run and the GDPR.

Do you recommend to just ignore this?


_______________________________________________
Sks-devel mailing list
https://lists.nongnu.org/mailman/listinfo/sks-devel
--
me <***@yakamo.org>
Mike
2018-11-15 23:46:16 UTC
Actually a really simple copyright issue one of my friends had the misfortune to encounter was using an image that was copyrighted on his website; he didn't really understand how this works and ended up with a 5,000 euro fine that he legally could not get out of.

Now apply that to the SKS keyservers, doesn't take much to figure out how horribly wrong that could go for an admin.
Because in the eyes of the law it's the admin that's responsible!

--
me <***@yakamo.org>
Mike
2018-11-15 23:31:48 UTC
Fabian, I'm sure you can tell that nothing's going to change :(

But maybe these shutdowns in protest will provoke change, before it's too late?

--
me <***@yakamo.org>
Moritz Wirth
2018-11-15 23:50:31 UTC
I asked to be allowed to share some more details, however the request
was to remove/prevent indexing of 2 keys stored on our keyservers -
including copies of IDs to verify the request as required by the
European data protection law. Since it is not possible to prevent the
indexing of data, I think the only possible way to handle this request
is to shut them down. I don't see a reason to fight this - it is the
right of someone to get his/her data removed so we are required to do
this regardless of how crappy that law might be. If someone decides to
ignore it, it's up to them.
Fabian A. Santiago
2018-11-15 23:56:26 UTC
Yeh I don’t agree with the stance “we haven’t seen a shutdown via legal challenge yet so I’m happy to just hang and wait and see what happens...”. Sorry but many people running keyservers aren’t businesses but rather private individuals and can not afford to risk ANY possible legal action. Once you hear from an attorney, the stakes go up and that’s too much a risk to bear.

--

Thanks,

Fabian S.

OpenPGP:

0x643082042DC83E6D94B86C405E3DAA18A1C22D8F
Mike
2018-11-16 00:09:23 UTC
This has been Kristian's approach to previous issues like this, and this has led to now, where the servers have not changed. That neglect now ruins it for everyone else and even puts the admins at risk of financial and legal damage; as you mentioned, most can't afford to take that risk.

yakamo

--
me <***@yakamo.org>
Matthew Walster
2018-11-16 00:30:08 UTC
Post by Mike
This has been Kristian's approach to previous issues like this, and this
has led to now, where the servers have not changed. That neglect now ruins
it for everyone else and even puts the admins at risk of financial and
legal damage; as you mentioned, most can't afford to take that risk.
Mike, to be clear, many of us are shutting down because of people like you,
not actual problems.

You fundamentally do not understand what you are talking about, you are
causing mischief just because it makes you feel important, and your
"journalistic" style is abhorrent.

Almost all the problems that the SKS network has are far worse in any of
the distributed Merkle-like cryptocurrencies or even systems like git or
mercurial for that matter (though those aren't quite as automatic).

It is you and your ilk that has ruined this, and Kristian has been nothing
but open, transparent, and patient with inquisitors, with little to no
thanks in return.

M
Mike
2018-11-16 00:36:56 UTC
You're welcome to blame others for the servers' issues.

I and others have pointed out many times over the issues and no one has fixed them.
Rather than blame me, take responsibility for the servers' failings, for the developers' failings.

Decent and good developers take bugs and fix them and ensure the ongoing survival of their software, not blame them on the people who found them and exposed them!

You're basically saying we should be able to have weak software and bad people shouldn't do bad things, that's not how the world works. Take some responsibility!!!

And I'm not a journalist!

--
me <***@yakamo.org>
Matthew Walster
2018-11-16 00:45:06 UTC
Post by Mike
You're welcome to blame others for the servers' issues.
I and others have pointed out many times over the issues and no one has fixed them.
Rather than blame me, take responsibility for the servers' failings, for
the developers' failings.
You are more than welcome to submit patches (or even ideas for patches) if
you want to help improve things. Screaming blue murder helps no-one.

Post by Mike
Decent and good developers take bugs and fix them and ensure the ongoing
survival of their software, not blame them on the people who found them and
exposed them!
The software is not broken. It is performing as designed. The same
side-effects are present in Bitcoin but I don't see you making deranged
comments about that...

Post by Mike
You're basically saying we should be able to have weak software and bad people
shouldn't do bad things, that's not how the world works. Take some
responsibility!!!
That's not what anyone is saying. What are you, 12 years old?

Post by Mike
And I'm not a journalist!
You wrote an article.

M
Mike
2018-11-16 01:01:11 UTC
If I had the skill set needed to submit patches I would, but I don't.
But I do have a voice and that can be used to spur on change.

I wrote the articles because there is a clear ignorance here that you're displaying really well, which is preventing things from getting fixed. You're clearly angry and not interested in resolving this issue through discussion. That ignorance is going to harm admins as Moritz Wirth and Fabian point out.

Can you say there's no risk to admins financially and legally, because of the poor design of the servers or do they work just fine and they have nothing to worry about?

If performing as designed means:
failing to deal with oversized keys and chewing up bandwidth and CPU cycles and causing servers to stop responding or the web interface to freeze or spit out garbage is a feature then ok.
or network instability then ok.

Mike :)

And if calling people children and being generally insulting is your thing, you're not really being constructive with this!


--
me <***@yakamo.org>
Matthew Walster
2018-11-16 01:08:02 UTC
Post by Mike
If I had the skill set needed to submit patches I would, but I don't.
But I do have a voice and that can be used to spur on change.
<snip>

Good lord, Kristian, you have to deal with these people on a regular basis?

I haven't been part of the pool in quite a while now, but feel free to stop
in for a beer if you're ever in Amsterdam ;)

M
Mike
2018-11-16 01:10:36 UTC
And there goes the ignorance!

--
me <***@yakamo.org>
Kristian Fiskerstrand
2018-11-16 08:35:19 UTC
Post by Matthew Walster
Good lord, Kristian, you have to deal with these people on a regular basis?
Yes
--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"Expect the best. Prepare for the worst. Capitalize on what comes."
(Zig Ziglar)
Ryan Hunt
2018-11-16 01:12:14 UTC
Wait, you have the skillset to code attacks and spew articles, yet no capability for solutions? Smells like ignorance is your forte.

You seem to be under the impression that SKS has active developers working on it, the reason the “dev team” is quiet as per your “articles” is there is no friggin dev team, just some maintainers pushing merge requests from people hacking it a bit here and there to fix major problems that can be fixed and keep it compiling on modern systems.

There is nobody actively interested in the development required to re-architect the SKS backend and infrastructure that had been running fine for a few decades now.. until you came along and made a big stink.. If you have a proposal for a new way of doing things, we’re all dying to hear it.

-Ryan
Mike
2018-11-16 01:25:52 UTC
So you are angry that I and a few others have reported several bugs, to a system that we would like to see continue to exist?

It isn't an attack, it's a proof of concept to show that malicious people could do damage; this is to get a point across to prove there's an issue in hope someone fixes it as it has been ignored for years. I'm not the only one to write a proof of concept for the same issue. Yegor wrote a very very effective PoC and was ignored as well when he submitted the bug.

Should I or others not submit bugs that could be detrimental to the functioning of the network to get fixed, because this approach is very off-putting. I guess people might think twice about reporting a bug to you!

And the PoC I wrote is pretty simple, in fact it can be made far more simple and dangerous, with little effort from someone with real coding skills!

And I have previously pointed out alternate solutions in a previous article, for example Keybase.io, I am not a fan but it's certainly proving to be a way better option at the moment, and people are using it instead of the keyservers, or storing the keys on GitHub or their website.

If there is no dev team, then maybe it's time to call it a day instead of pretending everything is ok?


--
me <***@yakamo.org>
Ryan Hunt
2018-11-16 01:53:30 UTC
Post by Mike
So you are angry that I and a few others have reported several bugs, to a system that we would like to see continue to exist?
If there is no dev team, then maybe it's time to call it a day instead of pretending everything is ok?
You’d make an excellent politician with this superb ability to speak out both ends, all while being incapable of even coming up with solutions, let alone implementing them.

No one here has been pretending it’s okay, we’re just not willing to pack it up and call it a day because you say we should.. there’s literally no chance someone’s going to read your articles and decide to volunteer the time and energy to implementing a solution.. so really everything you’ve done and all you’re doing is to the detriment of the key server network.. and yet you’re surprised at the hostility you’ve found here?

-Ryan
Post by Mike
On Thu, 15 Nov 2018 18:12:14 -0700
Post by Ryan Hunt
Wait, you have the skillset to code attacks and spew articles yet, no capability for solutions? Smells like ignorance is your forte.
You seem to be under the impression that SKS has active developers working on it, the reason the “dev team” is quiet as per your “articles” is there is no friggin dev team, just some maintainers pushing merge requests from people hacking it a bit here and there to fix major problems that can be fixed and keep it compiling on modern systems.
There is nobody actively interested in the development required to re-archectect the SKS backend and infrastructure that had been running fine for a few decades now.. until you came along and made a big stink.. If you have a proposal for a new way of doing things, we’re all dying to hear it.
-Ryan
Post by Mike
If i had the skill set needed to submit patches i would, but i don't.
But i do have a voice and that can be used to spur on change.
I wrote the articles because there is a clear ignorance here that your displaying really well, which is preventing things from getting fixed. Your clearly angry and not interested in resolving this issue through discussion. That ignorance is going to harm admins as Moritz Wirth and Fabian points out.
Can you say there's no risk to admins financially and legally, because of the poor design of the servers or do they work just fine and they have nothing to worry about?
failing to deal with oversized keys and chewing up bandwidth and CPU cycles and causing servers to stop responding or the web interface to freeze or spit out garbage is a feature then ok.
or network instability then ok.
Mike :)
and if calling people children and being generally insulting is your thing your not really being constructive with this!
On Fri, 16 Nov 2018 08:45:06 +0800
Post by Matthew Walster
Post by Mike
Your welcome to blame others for the servers issues.
I and others have pointed out many times over the issues and no one has fixed them.
Rather than blame me, take responsibility for the servers failings, for
the developers failings.
You are more than welcome to submit patches (or even ideas for patches) if
you want to help improve things. Screaming blue murder helps no-one.
Decent and good developers take bugs and fix them and ensure the ongoing
Post by Mike
survival of their software, not blame them on the people who found them and
exposed them!
The software is not broken. It is performing as designed. The same
side-effects are present in Bitcoin but I don't see you making deranged
comments about that...
Your basicly saying we should be able to have weak software and bad people
Post by Mike
shouldnt do bad things, thats not how the world works. Take some
responsibility!!!
That's not what anyone is saying. What are you, 12 years old?
And im not a journalist!
You wrote an article.
M
--
_______________________________________________
Sks-devel mailing list
https://lists.nongnu.org/mailman/listinfo/sks-devel
--
Ryan Hunt
2018-11-16 02:46:59 UTC
I’ve been contributing to those discussions and helping come up with those solutions you’re referencing, not beating on drums.. everyone here knows what the issues are and everyone has been honest about em, this entire mailer’s history is free to review and nobody has been hiding anything.. I just passed a decade subscribed to this mailing list.. Despite all the discussions that have taken place, you keep ringing the bell over and over with your cute little blog.

Right now I’m drafting up a replacement solution and might POC some code for a future proposal if I manage to find the time.. because I’ve got experience and solutions, just not a lot of free time to implement a project this complex.. so if everyone here is going to depend on me for development, well it’s not going to get very far.. but mebe I can get something off the ground in a modular framework that more people can work with than the existing codebase.

Your other projects do not address the role of the SKS network, there is a need for a distributed list of keys.. for example a friend I grew up with now maintains architectural software builds for a popular Linux distribution, he needs to validate signatures of keys completely automated and in high volume coming from disperse projects and upstream sources.. We run a key server just for this task so he’s not hammering and abusing other keyservers.. he needs to federate with a decentralized dataset or all that automation starts breaking. He also doesn’t have any need to concern himself with GDPR or nonsensical keys or copyrighted material since it’s only his build environments that are accessing them.

-Ryan
I think at least a warning should be given to the admins so they understand the full legal risks of running a keyserver.
as far as solutions once again ive actually pointed out that people in the comminity have already come up with solutions so i dont see the need to iterate over the same ideas, i actually link to one post in one of my articles about solutions on here. ive also reeferenced other projects. so i have contributed some solutions and pointed out better ones by others.
i also dont think its needed to be insulting in a debate, its not constructive.
What have you done to try and change things Ryan?
On Thu, 15 Nov 2018 18:53:30 -0700
Post by Ryan Hunt
Post by Mike
So you are angry that i and a few others have reported several bugs, to a system that we would like to see continue to exist?
If there is no dev team, then maybe its time to call it a day instead of pretending everything is ok?
You’d make an excellent politician with this superb ability to speak out both ends, all while being incapable even coming up with solutions, let alone implementing them.
No one here has been pretending its okay, were just not willing to pack it up and call it a day because of you say we should.. there’s literally no chance someone’s going to read your articles and decide to volunteer the time and energy to implementing a solution.. so really everything you’ve done and all your doing is to the detriment of the key server network.. and yet your surprised at the hostility you’ve found here?
-Ryan
Post by Mike
On Thu, 15 Nov 2018 18:12:14 -0700
Post by Ryan Hunt
Wait, you have the skillset to code attacks and spew articles yet, no capability for solutions? Smells like ignorance is your forte.
You seem to be under the impression that SKS has active developers working on it, the reason the “dev team” is quiet as per your “articles” is there is no friggin dev team, just some maintainers pushing merge requests from people hacking it a bit here and there to fix major problems that can be fixed and keep it compiling on modern systems.
There is nobody actively interested in the development required to re-archectect the SKS backend and infrastructure that had been running fine for a few decades now.. until you came along and made a big stink.. If you have a proposal for a new way of doing things, we’re all dying to hear it.
-Ryan
Post by Mike
If i had the skill set needed to submit patches i would, but i don't.
But i do have a voice and that can be used to spur on change.
I wrote the articles because there is a clear ignorance here that your displaying really well, which is preventing things from getting fixed. Your clearly angry and not interested in resolving this issue through discussion. That ignorance is going to harm admins as Moritz Wirth and Fabian points out.
Can you say there's no risk to admins financially and legally, because of the poor design of the servers or do they work just fine and they have nothing to worry about?
failing to deal with oversized keys and chewing up bandwidth and CPU cycles and causing servers to stop responding or the web interface to freeze or spit out garbage is a feature then ok.
or network instability then ok.
Mike :)
and if calling people children and being generally insulting is your thing your not really being constructive with this!
On Fri, 16 Nov 2018 08:45:06 +0800
Post by Matthew Walster
Post by Mike
Your welcome to blame others for the servers issues.
I and others have pointed out many times over the issues and no one has
fixed them.
Rather than blame me, take responsibility for the servers failings, for
the developers failings.
You are more than welcome to submit patches (or even ideas for patches) if
you want to help improve things. Screaming blue murder helps no-one.
Decent and good developers take bugs and fix them and ensure the ongoing
Post by Mike
survival of their software, not blame them on the people who found them and
exposed them!
The software is not broken. It is performing as designed. The same
side-effects are present in Bitcoin but I don't see you making deranged
comments about that...
Your basicly saying we should be able to have weak software and bad people
Post by Mike
shouldnt do bad things, thats not how the world works. Take some
responsibility!!!
That's not what anyone is saying. What are you, 12 years old?
And im not a journalist!
You wrote an article.
M
DevPGSV Pablo
2018-11-16 06:41:53 UTC
I'm not an active member of this community.

I represent a group of people. We recently set up a SKS Keyserver as a way
to contribute to the community.
We have had a lot of problems, but we don't have the knowledge and the
experience to contribute to the code or to submit pull requests.

I like the SKS Keyserver. I'm glad it exists and I plan on continuing to use
it.

However I'm also glad there is someone with knowledge thinking about
starting from scratch taking into account the concerns of the community in
order to offer a modern keyserver.

Ryan, I'd like to offer my help in the development of the solution you are
drafting up.

- Pablo Salmones
Post by Ryan Hunt
I’ve been contributing to those discussions and helping come up with those
solutions your referencing, not beating on drums.. everyone here knows what
the issues are and everyone has been honest about em, this entire mailer’s
history is free to review and nobody has been hiding anything.. I just
passed a decade subscribed to this mailing list.. Despite all the
discussions that have taken place, you keep ringing the bell over and over
with your cute little blog.
Right now I’m drafting up a replacement solution and might POC some code
for a future proposal if I manage to find the time.. because I’ve got
experience and solutions, just not a lot of free time to implement a
project this complex.. so if everyone here is going to depend on me for
development, well its not going to get very far.. but mebe I can get
something off the ground in a modular framework that more people can work
with than the existing codebase.
Your other projects do not address the role of the SKS network, there is a
need for a distributed list of keys.. for example a friend I grew up with
now maintains architectural software builds for a popular Linux
distribution, he needs to validate signatures of keys completely automated
and in high volume coming from disperse projects and upstream sources.. We
run a key server just for this task so he’s not hammering and abusing other
key keyservers.. he needs to federate with a decentralized dataset or all
that automation starts breaking
 He also dont have any need to concern him
self with GDPR or nonsensical keys or copyrighted material since its only
his build environments that is accessing them.
-Ryan
I think at least a warning should be given to the admins so they
understand the full legal risks of running a keyserver.
as far as solutions once again ive actually pointed out that people in the
comminity have already come up with solutions so i dont see the need to
iterate over the same ideas, i actually link to one post in one of my
articles about solutions on here. ive also reeferenced other projects. so i
have contributed some solutions and pointed out better ones by others.
i also dont think its needed to be insulting in a debate, its not constructive.
What have you done to try and change things Ryan?
On Thu, 15 Nov 2018 18:53:30 -0700
So you are angry that i and a few others have reported several bugs, to a
system that we would like to see continue to exist?
If there is no dev team, then maybe its time to call it a day instead of
pretending everything is ok?
You’d make an excellent politician with this superb ability to speak out
both ends, all while being incapable even coming up with solutions, let
alone implementing them.
No one here has been pretending its okay, were just not willing to pack it
up and call it a day because of you say we should.. there’s literally no
chance someone’s going to read your articles and decide to volunteer the
time and energy to implementing a solution.. so really everything you’ve
done and all your doing is to the detriment of the key server network.. and
yet your surprised at the hostility you’ve found here?
-Ryan
On Thu, 15 Nov 2018 18:12:14 -0700
Wait, you have the skillset to code attacks and spew articles yet, no
capability for solutions? Smells like ignorance is your forte.
You seem to be under the impression that SKS has active developers working
on it, the reason the “dev team” is quiet as per your “articles” is there
is no friggin dev team, just some maintainers pushing merge requests from
people hacking it a bit here and there to fix major problems that can be
fixed and keep it compiling on modern systems.
There is nobody actively interested in the development required to
re-archectect the SKS backend and infrastructure that had been running fine
for a few decades now.. until you came along and made a big stink.. If you
have a proposal for a new way of doing things, we’re all dying to hear it.
-Ryan
If i had the skill set needed to submit patches i would, but i don't.
But i do have a voice and that can be used to spur on change.
I wrote the articles because there is a clear ignorance here that your
displaying really well, which is preventing things from getting fixed. Your
clearly angry and not interested in resolving this issue through
discussion. That ignorance is going to harm admins as Moritz Wirth and
Fabian points out.
Can you say there's no risk to admins financially and legally, because of
the poor design of the servers or do they work just fine and they have
nothing to worry about?
failing to deal with oversized keys and chewing up bandwidth and CPU
cycles and causing servers to stop responding or the web interface to
freeze or spit out garbage is a feature then ok.
or network instability then ok.
Mike :)
and if calling people children and being generally insulting is your thing
your not really being constructive with this!
On Fri, 16 Nov 2018 08:45:06 +0800
Your welcome to blame others for the servers issues.
I and others have pointed out many times over the issues and no one has fixed them.
Rather than blame me, take responsibility for the servers failings, for
the developers failings.
You are more than welcome to submit patches (or even ideas for patches) if
you want to help improve things. Screaming blue murder helps no-one.
Decent and good developers take bugs and fix them and ensure the ongoing
survival of their software, not blame them on the people who found them and
exposed them!
The software is not broken. It is performing as designed. The same
side-effects are present in Bitcoin but I don't see you making deranged
comments about that...
Your basicly saying we should be able to have weak software and bad people
shouldnt do bad things, thats not how the world works. Take some
responsibility!!!
That's not what anyone is saying. What are you, 12 years old?
And im not a journalist!
You wrote an article.
M
JD Erickson
2018-11-16 02:53:04 UTC
I read the medium article - suffice it to say Mr. Mike seems to have a
reading comprehension problem, because in the article he insists the
keyserver network was intended to be resilient to attack (it is not, all of
us who have been in the network for even a short time know it is not, and
Kristian says it is not in his "interview" responses), and he also ignored
80% of the other stuff Kristian said in response to his questions. He seems
to have failed to forward a draft of his medium article to Kristian for a
"fact check" like he said he would, so on top of all that we have an
element of dishonesty and deception.

What we have here is a busybody who just wants to assert themselves in some
fashion. He has done so. Congratulations. You are a very impressive and
important security professional, Mr. Mike, we are all enamored with you.

You aren't the first uninvited busybody to come in and screw with a project
just to assert yourself, and I'm sure you won't be the last.

The inanity of people like you really leaves a bad taste in my mouth for
this stuff.

Like someone else said, we were all fine until you showed up. That must
make you feel very important and validated. I'm happy for you.
Post by Mike
So you are angry that i and a few others have reported several bugs, to a
system that *we would like to see continue to exist?*
If there is no dev team,* then maybe its time to call it a day instead of
pretending everything is ok?*
You’d make an excellent politician with this superb ability to speak out
both ends, all while being incapable even coming up with solutions, let
alone implementing them.
No one here has been pretending its okay, were just not willing to pack it
up and call it a day because of you say we should.. there’s literally no
chance someone’s going to read your articles and decide to volunteer the
time and energy to implementing a solution.. so really everything you’ve
done and all your doing is to the detriment of the key server network.. and
yet your surprised at the hostility you’ve found here?
-Ryan
On Thu, 15 Nov 2018 18:12:14 -0700
Wait, you have the skillset to code attacks and spew articles yet, no
capability for solutions? Smells like ignorance is your forte.
You seem to be under the impression that SKS has active developers working
on it, the reason the “dev team” is quiet as per your “articles” is there
is no friggin dev team, just some maintainers pushing merge requests from
people hacking it a bit here and there to fix major problems that can be
fixed and keep it compiling on modern systems.
There is nobody actively interested in the development required to
re-archectect the SKS backend and infrastructure that had been running fine
for a few decades now.. until you came along and made a big stink.. If you
have a proposal for a new way of doing things, we’re all dying to hear it.
-Ryan
If i had the skill set needed to submit patches i would, but i don't.
But i do have a voice and that can be used to spur on change.
I wrote the articles because there is a clear ignorance here that your
displaying really well, which is preventing things from getting fixed. Your
clearly angry and not interested in resolving this issue through
discussion. That ignorance is going to harm admins as Moritz Wirth and
Fabian points out.
Can you say there's no risk to admins financially and legally, because of
the poor design of the servers or do they work just fine and they have
nothing to worry about?
failing to deal with oversized keys and chewing up bandwidth and CPU
cycles and causing servers to stop responding or the web interface to
freeze or spit out garbage is a feature then ok.
or network instability then ok.
Mike :)
and if calling people children and being generally insulting is your thing
your not really being constructive with this!
On Fri, 16 Nov 2018 08:45:06 +0800
Your welcome to blame others for the servers issues.
I and others have pointed out many times over the issues and no one has fixed them.
Rather than blame me, take responsibility for the servers failings, for
the developers failings.
You are more than welcome to submit patches (or even ideas for patches) if
you want to help improve things. Screaming blue murder helps no-one.
Decent and good developers take bugs and fix them and ensure the ongoing
survival of their software, not blame them on the people who found them and
exposed them!
The software is not broken. It is performing as designed. The same
side-effects are present in Bitcoin but I don't see you making deranged
comments about that...
Your basicly saying we should be able to have weak software and bad people
shouldnt do bad things, thats not how the world works. Take some
responsibility!!!
That's not what anyone is saying. What are you, 12 years old?
And im not a journalist!
You wrote an article.
M
stuff
2018-11-16 04:36:48 UTC
I'll admit that was my mistake to not submit the article to Kristian first as promised, I genuinely forgot I had promised that, 2hrs of sleep yesterday and a full day's work, I didn't re-read the email and catch that before publication. For which I apologize, I am open for reasonable alterations to the article, to address this issue. I have addressed the need for corrections before and additional info in a previous article. Dishonesty and deception are not my intent.

Kristian says in his interview the network was not designed to be resilient?
So why is the network made immutable by design? And why has it been made important as well that no single person can alter or abuse a key?

I'm just here to try to understand why no changes have happened, now I have learned no one is maintaining the project anymore, it's dead in the water. This gives me a totally new perspective now.
"Busybody, inserting myself into this?"
It's an open source project so it's reasonable when its users come asking questions or find bugs, I think it's fair to be able to hold the maintainers to scrutiny or criticism and even challenge their actions. Especially when people depend on the services. Especially when it's holding their personal information!

From what I have gotten from all this is that the servers are nothing more than an overly complex immutable data storage system with numerous unfixed vulnerabilities that is no longer maintained, and poses financial and legal risk to the admins who run and support it, with no possible fixes in the foreseeable future?
Like someone else said, we were all fine until you showed up.
It has not been fine, there's been years of complaints about how the servers work or to be more accurate don't. Admins having issues constantly and questions or calls for help simply ignored. Now 2 more admins have complained and have not had a single response to their concerns. Once again very little to be heard from Kristian, I would like to see him address the concerns that Moritz Wirth and Fabian S have brought up.

Mike

On Thu, 15 Nov 2018 19:53:04 -0700
I read the medium article - suffice it to say Mr. Mike seems to have a
reading comprehension problem, because in the article he insists the
keyserver network was intended to be resilient to attack (it is not, all of
us who have been in the network for even a short time know it is not, and
Kristian says it is not in his "interview" responses), and he also ignored
80% of the other stuff Kristian said in response to his questions. He seems
to have failed to forward a draft of his medium article to Kristian for a
"fact check" like he said he would, so on top of all that we have an
element of dishonesty and deception.
What we have here is a busybody who just wants to assert themselves in some
fashion. He has done so. Congratulations. You are a very impressive and
important security professional, Mr. Mike, we are all enamored with you.
You aren't the first uninvited busybody to come in and screw with a project
just to assert yourself, and I'm sure you won't be the last.
The inanity of people like you really leave a bad taste in my mouth for
this stuff.
Like someone else said, we were all fine until you showed up. That must
make you feel very important and validated. I'm happy for you.
Post by Mike
So you are angry that i and a few others have reported several bugs, to a
system that *we would like to see continue to exist?*
If there is no dev team,* then maybe its time to call it a day instead of
pretending everything is ok?*
You’d make an excellent politician with this superb ability to speak out
both ends, all while being incapable even coming up with solutions, let
alone implementing them.
No one here has been pretending its okay, were just not willing to pack it
up and call it a day because of you say we should.. there’s literally no
chance someone’s going to read your articles and decide to volunteer the
time and energy to implementing a solution.. so really everything you’ve
done and all your doing is to the detriment of the key server network.. and
yet your surprised at the hostility you’ve found here?
-Ryan
On Thu, 15 Nov 2018 18:12:14 -0700
Wait, you have the skillset to code attacks and spew articles yet, no
capability for solutions? Smells like ignorance is your forte.
You seem to be under the impression that SKS has active developers working
on it, the reason the “dev team” is quiet as per your “articles” is there
is no friggin dev team, just some maintainers pushing merge requests from
people hacking it a bit here and there to fix major problems that can be
fixed and keep it compiling on modern systems.
There is nobody actively interested in the development required to
re-archectect the SKS backend and infrastructure that had been running fine
for a few decades now.. until you came along and made a big stink.. If you
have a proposal for a new way of doing things, we’re all dying to hear it.
-Ryan
If i had the skill set needed to submit patches i would, but i don't.
But i do have a voice and that can be used to spur on change.
I wrote the articles because there is a clear ignorance here that your
displaying really well, which is preventing things from getting fixed. Your
clearly angry and not interested in resolving this issue through
discussion. That ignorance is going to harm admins as Moritz Wirth and
Fabian points out.
Can you say there's no risk to admins financially and legally, because of
the poor design of the servers or do they work just fine and they have
nothing to worry about?
failing to deal with oversized keys and chewing up bandwidth and CPU
cycles and causing servers to stop responding or the web interface to
freeze or spit out garbage is a feature then ok.
or network instability then ok.
Mike :)
and if calling people children and being generally insulting is your thing
your not really being constructive with this!
On Fri, 16 Nov 2018 08:45:06 +0800
Your welcome to blame others for the servers issues.
I and others have pointed out many times over the issues and no one has fixed them.
Rather than blame me, take responsibility for the servers failings, for
the developers failings.
You are more than welcome to submit patches (or even ideas for patches) if
you want to help improve things. Screaming blue murder helps no-one.
Decent and good developers take bugs and fix them and ensure the ongoing
survival of their software, not blame them on the people who found them and
exposed them!
The software is not broken. It is performing as designed. The same
side-effects are present in Bitcoin but I don't see you making deranged
comments about that...
Your basicly saying we should be able to have weak software and bad people
shouldnt do bad things, thats not how the world works. Take some
responsibility!!!
That's not what anyone is saying. What are you, 12 years old?
And im not a journalist!
You wrote an article.
M
--
stuff <***@yakamo.org>
Robert J. Hansen
2018-11-16 06:46:49 UTC
Post by stuff
Kristian says in his interview the network was not designed to be resilient?
Kinda-sorta. The basic keyserver architecture was designed in the very
early 1990s, and it's really quite resilient against the sorts of
threats we saw in the 1990s.

But the threat actors and their capabilities have vastly changed since
1992, and the network was not designed to be secure against the threats
that would emerge a quarter-century later.
Post by stuff
So why is the network made immutable by design?
If you don't understand how this was important in the 1990s and why,
perhaps you should take that as a hint you don't know the system
anywhere near as well as you insist you do.
Mike
2018-11-15 23:59:01 UTC
Moritz you did the right thing!

A lot of people consider the GDPR crappy only because it inconveniences them.
This law is actually extremely useful and greatly overdue.


On Fri, 16 Nov 2018 00:50:31 +0100
Post by Moritz Wirth
I asked to be allowed to share some more details, however the request
was to remove/prevent indexing of 2 keys stored on our keyservers -
including copies of ID's to verify the request as required by the
european data protection law. Since it is not possible to prevent the
indexing of data, I think the only possible way to handle this request
is to shut them down. I don't see a reason to fight this - it is the
right of someone to get his/her data removed so we are required to do
this regardless of how crappy that law might be. If someone decides to
ignore it, it's up on them.
Post by Mike
Fabian, im sure you can tell that nothings going to change :(
But maybe these shutdowns in protest will provoke change, before its too late?
On Thu, 15 Nov 2018 23:23:43 +0000
Wow! I’d love to see that as well.
I just saw Kristian’s post with his email exchange. It’s a shame the situation is going down like this. I do hope a proper solution can be found so I and hopefully others can return to contributing to the network, should the mode of operation dictate and stay this way.
--
Thanks,
Fabian S.
0x643082042DC83E6D94B86C405E3DAA18A1C22D8F
Post by Georg Faerber
Hi,
Post by Moritz Wirth
keys.flanga.io will cease operation - we received a request to remove
some keys and since we are unable to do this, we will shutdown all
keyservers and erase all relevant databases immediately.
Would it be possible to share this request, omitting sensitive details?
Cheers,
Georg
--
me <***@yakamo.org>
Moritz Wirth
2018-11-16 00:38:28 UTC
Also some personal words - this is not meant to judge or criticize
anyone but rather to express my own feelings and opinions about SKS
within the last months.

- The fact that most (all?) vulnerabilities inside SKS are known for a
very long time and have not been fixed is deeply concerning - for
example I really don't see any reason how a reasonable size limit of a
single key would have censored anybody - but it would have prevented
many keyservers from constantly becoming unresponsive as well as high
traffic and resource consumption (we spent 2.4 TB on peering over the
last 2 months). Just ignoring it because it still works somehow is
frustrating at best and disastrous at worst.
- GDPR is not really a new thing and it was already in place 2 years
before it actually became relevant. Instead of waiting until someone
uploads data relevant enough to get it removed by a court, a simple
remove list would not have been a big deal.
- keys.flanga.io got kicked out of the pool around 3-4 months ago - the
initial response to this was about some missing Header files - my
request to check again was simply not answered. As I found out, it was
excluded due to "unrecognized server version" - it is true that we were
running our own implementation for a while - however this was not the
case for keys.flanga.io. Kicking it out is one thing (and committing that
change 2 months later so I was finally able to see why), not responding
instead of resolving the issue is another - but no offense (we all
forget things :) ).
- Though SKS keyservers are not meant to be trusted, people still trust
in the reliability of it as a service. Therefore, it should be operated
and handled in that way - a roundrobin that is checked and updated every
hour when all 5 keyservers can be killed within seconds is not something
that I would consider reliable.

Best Regards,
Post by Mike
Moritz you did the right thing!
A lot of people consider the GDPR crappy only because it inconveniences them.
This law is actually extremely useful and greatly overdue.
On Fri, 16 Nov 2018 00:50:31 +0100
Post by Moritz Wirth
I asked to be allowed to share some more details, however the request
was to remove/prevent indexing of 2 keys stored on our keyservers -
including copies of ID's to verify the request as required by the
European data protection law. Since it is not possible to prevent the
indexing of data, I think the only possible way to handle this request
is to shut them down. I don't see a reason to fight this - it is the
right of someone to get his/her data removed so we are required to do
this regardless of how crappy that law might be. If someone decides to
ignore it, it's up to them.
Post by Mike
Fabian, I'm sure you can tell that nothing's going to change :(
But maybe these shutdowns in protest will provoke change, before it's too late?
On Thu, 15 Nov 2018 23:23:43 +0000
Wow! I’d love to see that as well.
I just saw Kristian’s post with his email exchange. It’s a shame the situation is going down like this. I do hope a proper solution can be found so I and hopefully others can return to contributing to the network, should the mode of operation dictate and stay this way.
--
Thanks,
Fabian S.
0x643082042DC83E6D94B86C405E3DAA18A1C22D8F
Post by Georg Faerber
Hi,
Post by Moritz Wirth
keys.flanga.io will cease operation - we received a request to remove
some keys and since we are unable to do this, we will shutdown all
keyservers and erase all relevant databases immediately.
Would it be possible to share this request, omitting sensitive details?
Cheers,
Georg
Keith Erekson
2018-11-16 16:19:13 UTC
Permalink
Standard "I am not a lawyer" disclaimer applies, but it is my impression
(both from speaking to people who know more than I do about this, and
from reading article 17 of the GDPR) that the "right to be forgotten"
isn't necessarily absolute.

Meaning that if one were to receive such a request, and it is *not
possible* to remove the data, this doesn't automatically mean that the
only recourse is to shut down the service. Specifically, this language
is the part that catches my attention: "the controller, taking account
of available technology and the cost of implementation, shall take
reasonable steps, including technical measures, to inform controllers..."

Perhaps someone who has access to a lawyer could ask for clarification
on this? Speculation about what implications GDPR may or may not have
for the SKS network isn't especially productive, in my opinion. (I say
this as someone who might be shielded from liability by an employer's
legal counsel, however.)

Regarding the resource usage and/or instability of the SKS keyserver
itself, there are some of us who don't need to care about this,
thankfully ;-)

I maintain a keyserver in a VM at work, where its CPU/disk/bandwidth
usage are a proverbial drop in the bucket. As long as it keeps running
with minimal oversight on my part, I'm happy to provide this service.
The same applies to the mirrors that we operate.

Obviously this is a luxury and is not the case for many (most?) admins,
and I would never blame anyone for ceasing to volunteer their
resources/time for a project like this, but it is not necessarily a
problem for *all* of us that these issues have become (more) apparent in
the last year or so.

Just my two cents.

~Keith
_______________________________________________
Sks-devel mailing list
https://lists.nongnu.org/mailman/listinfo/sks-devel
Andrew Gallagher
2018-11-16 16:29:51 UTC
Permalink
Post by Keith Erekson
Standard "I am not a lawyer" disclaimer applies, but it is my impression
(both from speaking to people who know more than I do about this, and
from reading article 17 of the GDPR) that the "right to be forgotten"
isn't necessarily absolute.
That is also my understanding.
Post by Keith Erekson
Meaning that if one were to receive such a request, and it is *not
possible* to remove the data, this doesn't automatically mean that the
only recourse is to shut down the service. Specifically, this language
is the part that catches my attention: "the controller, taking account
of available technology and the cost of implementation, shall take
reasonable steps, including technical measures, to inform controllers..."
"Reasonable" is a commonly encountered word in data protection law, and
what is or is not "reasonable" is a matter of interpretation.

The answer to this and many other questions about GDPR is that nobody
really knows for sure, not even the experts, and the only way to find
out is to wait for a test case to bring enlightenment. Until that
happens, even the most learned advice will be hedged with a thicket of
qualified assumptions.
--
Andrew Gallagher
dirk astrath
2018-11-16 16:59:44 UTC
Permalink
Hello,

I didn't read all mails of this topic, but the GDPR-issue was already
named over half a year ago:

If somebody orders me (directly or via a lawyer) to remove personal data
like special key-data from the keyserver-database, I have two choices:

(a) Shutdown my keyserver (to avoid any lawsuits)
(b) Fight a lawsuit

Here in Germany it's possible for individuals or organisations to send a
so-called "Unterlassungserklärung" (declaration of discontinuance) from
a lawyer, which is quite expensive.

Even if I sign this declaration and take immediate actions, there may be
costs (for the lawyer of the "other" side), which can be quite high
(several hundreds/thousands of euros).

Therefore I decided to shut down my own keyservers ... and advised the
association for which I ran more keyservers to either take the risk or shut down
their keyservers, too (Both decisions have been: Shutdown and monitor
the mailing list/... to activate it later again).

Back to the topic:

As an individual (especially in Germany) the risk for a lawsuit for
GDPR-issues is too high ... and I assume, that most keyservers are run
by individuals and not by companies.

While reading several mails having this subject another issue was named:

Assume, somebody adds copyrighted material (like an image, a small
sound-file etc.) to a key and uploads this key to a server within the
keyserver-network.

As soon as this key can be downloaded from this (and due to
synchronisation) from any keyservers the keyserver-network distributes
this copyrighted material.

How can this issue be handled? Who will take the risk for fighting a
lawsuit?

If necessary, I can talk to a lawyer and ask about his viewpoint about
the GDPR and copyright-issue. (He is active within our local
opensource/free-software-community, so this will be free-of-charge)

Kind regards,

dirk
Georg Faerber
2018-12-05 14:52:34 UTC
Permalink
Hi,
Post by Georg Faerber
Post by Moritz Wirth
keys.flanga.io will cease operation - we received a request to remove
some keys and since we are unable to do this, we will shutdown all
keyservers and erase all relevant databases immediately.
Would it be possible to share this request, omitting sensitive
details?
I'm still interested in this.

Cheers,
Georg

Neil Alexander
2018-11-16 19:35:36 UTC
Permalink
Post by Kristian Fiskerstrand
sadly we've had this situation happening several times in the past as
well, the GDPR rules aren't actually novel in Europe. There is however a
lot of FUD involved in it, and the actual legal action for a keyserver
to be shut down has yet to be seen (in a non-voluntary basis). I'm happy
to stay up for a while until we see any actual legal challenge to it.
In any case, the discussions we've seen lately aren't really about
security; nor really about privacy; they are about argumentum ad hominem
against the operators of the traditional keyserver network, in favor of
alternative communication channels and in particular certificate
authorities in the form of "validating keyservers". I don't care much
for them for various reasons, but I also don't mind them being a part of
the ecosystem (as long as users understand their position).
If you don't mind my contributing an outsider opinion here, you do have a number
of technical problems, but they are all completely overshadowed by a larger
perception problem. That's that nobody really seems to know what the goals of
the keyserver network are, and no one seems to know what to expect when they use
them.

For example, the following things aren't clear to a new user:

- whether their keys and identifiable data will be stored forever
- to where their keys and identifiable data will be replicated
- whether revoking their keys will actually remove the original keys or their
identifiable data (like email addresses) in any way
- whether updating the UIDs or metadata associated with their keys will actually
remove the old identifiable data

Nor is it particularly obvious to someone who walks into the community whether
your goals include:

- being censorship or government-resistant
- being highly available
- verifying and guaranteeing data integrity
- respecting user wishes for data removal

... or even none of the above. Certainly I feel like I am asking those very
questions, both as a user and as someone who has stumbled across the mailing
list.

With that in mind, I am not wholly surprised to find that people react badly
when they find out they can't withdraw their data and they don't know where it
has been replicated to and there's nothing they can do about it. Equally I also
wouldn't be terribly surprised to find that there aren't many people stepping up
to develop SKS further when they don't know what they should be creating.

I am not even sure where to go to find out this information!

Furthermore, GDPR might not be "new" in essence but it has cast rather a lot of
light onto the issues of data custodianship and retention. If your goal is to
provide a public service then some consideration needs to be given to this, even
if the solution is just to somehow make it very clear to users what to expect
when submitting or requesting data from the keyservers.

As for the PoCs, well, those are more likely to create problems not particularly
for users but for server operators. Stability issues aside, if an SKS server is
accepting payloads with arbitrary and otherwise unverified data, replicating it
and then storing it indefinitely in an immutable fashion, then it suddenly
becomes very unsafe for someone to take the risk of running an SKS node.

I understand that there is some reluctance to fix what seems mostly to be a
hypothetical legal scenario, but what has to be uploaded to the keyservers
before someone steps up, takes note and fixes the problem? More copyright
material? Revenge info like someone's phone # and home address? Child
pornography?

Looking at the mailing list, there have been a substantial number of operators
not willing to take that risk.

If the SKS network is going to be lasting and useful then I am not convinced the
community can afford to ignore these problems any longer.