[Sks-devel] Blacklisting on UID?
Thorsten Bro | openSUSE Heroes
2018-08-29 16:52:32 UTC
Hi all,

I read this just yesterday and checked it on our instance - and
unfortunately - I found a lot of magnet URIs on our keyserver.

https://medium.com/@mdrahony/sks-keyservers-being-used-as-piracy-sites-59ce5144101f

This might be a copyright problem for organizations and companies
running SKS keyservers and I have an evaluation ongoing if openSUSE can
still provide an SKS keyserver if we face this issue.

Are there any plans for blacklisting or filtering specific GPG UIDs by
pattern in the sks server or database?

Cheers,
--
Thorsten Bro <***@opensuse.org>
- Member of openSUSE Heroes -
Hendrik Visage
2018-08-29 17:46:17 UTC
Hi Thorsten,

I believe the problem has been highlighted that the SKS keyservers are a very easily abused infrastructure with things like the photos etc.
not to mention big keys that caused other denial of service type attacks on the server infrastructure.

The question perhaps, is:
How critical is this SKS type infrastructure for whom?

It’s not DNS nor BGP type critical for the internet, so who feels this is critical?
And if it is critical for somebody, those somebodies might need to put up their hands and start to perhaps rethink the keys, the infrastructure,
consider what has been learned recently etc. and then we might have a way to go forward in a bit more “protected” way.

Just these few months I’ve been “involved”, I noticed the following:

- the keys might need to be formally specified -> how do you check that it is actually a proper key??
- size and format of userID etc.
- images might need to be dropped.
- filters for EU/etc. privacy specifications??

So yes, things like the magnet URIs might just be getting more prolific until we might need to be forced to shut down ;(
---
Hendrik Visage
HeViS.Co Systems Pty Ltd
T/A Envisage Systems / Envisage Cloud Solutions
+27-84-612-5345 or +27-21-945-1192
***@envisage.co.za
Andrew Gallagher
2018-08-29 19:53:25 UTC
Post by Thorsten Bro | openSUSE Heroes
Are there any plans for blacklisting or filtering specific GPG UIDs by
pattern in the sks server or database?
I think filtering out UIDs by bad-pattern is a fool’s errand. Anyone can put anything they want in the real name field of an email UID, encoded using almost any scheme that they like, and it would be indistinguishable from a legitimate use case. And I would be wary of filtering in by good-pattern, as this could prevent the development of new use cases (e.g. monkeysphere).

If we are worried about arbitrary plain text in UIDs then the only safe thing to do is stop storing UIDs altogether. But it is far from clear that merely propagating a link is problematic enough to justify the wholesale abandonment of UIDs.

A

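One way to run the check Thorsten describes against a local key dump, as an added example that is not part of this thread or of the SKS code base: it parses `gpg --list-keys --with-colons` records (GnuPG escapes ':' inside the uid field as `\x3a`, so the escape must be undone before matching) and reports user IDs that carry a magnet URI. The sample records are constructed; they include the same link base64-encoded, which the pattern does not match, which is the limitation Andrew points out.

```python
import base64
import re

# GnuPG's --with-colons output escapes ':' (and other bytes) in the
# user-ID field as \xNN; undo that before looking at the text.
_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")

# Every magnet URI starts with "magnet:?"; match on that rather than on
# one particular hash scheme so base32 and hex btih forms both count.
MAGNET_RE = re.compile(r"\bmagnet:\?", re.IGNORECASE)


def unescape_colons_field(field: str) -> str:
    """Turn the \\xNN escapes of a --with-colons field back into characters."""
    return _ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), field)


def iter_uids(colons_output: str):
    """Yield (uid_hash, user_id) for every 'uid' record in colons output.

    Field 8 of a uid record is GnuPG's hash of the user ID, field 10 is the
    user ID itself (1-based field numbers as in doc/DETAILS of GnuPG).
    """
    for line in colons_output.splitlines():
        fields = line.split(":")
        if fields[0] != "uid" or len(fields) < 10:
            continue
        yield fields[7], unescape_colons_field(fields[9])


def find_magnet_uids(colons_output: str) -> list[tuple[str, str]]:
    """Return the (uid_hash, user_id) pairs whose user ID contains a magnet URI."""
    return [(h, uid) for h, uid in iter_uids(colons_output) if MAGNET_RE.search(uid)]


# Constructed sample; key IDs, uid hashes and user IDs are made up.
_MAGNET = "magnet:?xt=urn:btih:" + "0" * 40 + "&dn=example.iso"
_ENCODED = base64.b64encode(_MAGNET.encode()).decode()  # same link, base64
SAMPLE_COLONS = (
    "pub:u:4096:1:0123456789ABCDEF:1535000000:::u:::scESC::::::23::0:\n"
    "uid:u::::1535000000::AAAA0000::Alice Example <alice@example.org>::::::::::0:\n"
    "uid:u::::1535000000::BBBB1111::" + _MAGNET.replace(":", "\\x3a") + "::::::::::0:\n"
    "uid:u::::1535000000::CCCC2222::" + _ENCODED + " <x@example.net>::::::::::0:\n"
)

if __name__ == "__main__":
    for uid_hash, uid in find_magnet_uids(SAMPLE_COLONS):
        print(uid_hash, uid)
```

Feed it real output with `gpg --list-keys --with-colons` (or the output of a keyring exported from the server) instead of `SAMPLE_COLONS`; the base64 record is reported by nothing here, which is exactly why a pattern blacklist cannot be relied on.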