Discussion:
How to delete single keys from the SKS keyserver
(too old to reply)
Patrick Rother
2008-06-03 18:53:51 UTC
Permalink
Dear colleagues.

Can anyone tell me how I can delete single keys from a SKS key
server?

Thank you.
David Young
2008-06-03 20:25:31 UTC
Permalink
The easiest way I've found is to use the SKS web page, find the KEY hash,
and use sks drop <key hash> to remove the key.
Post by Patrick Rother
Dear colleagues.
Can anyone tell me how I can delete single keys from a SKS key
server?
Thank you.
_______________________________________________
Sks-devel mailing list
http://lists.nongnu.org/mailman/listinfo/sks-devel
Patrick Rother
2008-06-04 06:56:58 UTC
Permalink
Hello.
Post by Christoph Martin
Post by Joseph Oreste Bruni
You can use the "sks drop" command with a key hash as a parameter. You'll need to have a running SKS server.
Althouhg having read "sks help", "sks --help" and the man page at
least two times each, I really overlooked the sks drop command.

Thank you!
Post by Christoph Martin
But if the key is already on other servers you will get it back with the
next sync.
Yes, I'm aware of that, but I have to comply with a users request to
delete the key.

BTW, is there a way to block specific keys from being synced into my
server?

Thank you.
Yaron Minsky
2008-06-04 11:25:07 UTC
Permalink
Post by Patrick Rother
Hello.
Post by Christoph Martin
Post by Joseph Oreste Bruni
You can use the "sks drop" command with a key hash as a parameter.
You'll need to have a running SKS server.
Althouhg having read "sks help", "sks --help" and the man page at
least two times each, I really overlooked the sks drop command.
Thank you!
Post by Christoph Martin
But if the key is already on other servers you will get it back with the
next sync.
Yes, I'm aware of that, but I have to comply with a users request to
delete the key.
BTW, is there a way to block specific keys from being synced into my
server?
There's nothing in theory to prevent it, but I never got around to
implementing blocks like this.

y
Post by Patrick Rother
Thank you.
_______________________________________________
Sks-devel mailing list
http://lists.nongnu.org/mailman/listinfo/sks-devel
David Young
2008-06-04 14:01:24 UTC
Permalink
This brings up a good point. How does one permanently drop a key across all
SKS servers? I didn't realize that a drop does not permanently remove a
key. It sort of defeats the purpose of a drop since the SKS servers are
sync'ing every few seconds. The key will reappear within minutes won't it?
Post by Yaron Minsky
Post by Patrick Rother
Hello.
Post by Christoph Martin
Post by Joseph Oreste Bruni
You can use the "sks drop" command with a key hash as a parameter.
You'll need to have a running SKS server.
Althouhg having read "sks help", "sks --help" and the man page at
least two times each, I really overlooked the sks drop command.
Thank you!
Post by Christoph Martin
But if the key is already on other servers you will get it back with the
next sync.
Yes, I'm aware of that, but I have to comply with a users request to
delete the key.
BTW, is there a way to block specific keys from being synced into my
server?
There's nothing in theory to prevent it, but I never got around to
implementing blocks like this.
y
Post by Patrick Rother
Thank you.
_______________________________________________
Sks-devel mailing list
http://lists.nongnu.org/mailman/listinfo/sks-devel
_______________________________________________
Sks-devel mailing list
http://lists.nongnu.org/mailman/listinfo/sks-devel
Kristian Fiskerstrand
2008-06-04 14:49:09 UTC
Permalink
Post by David Young
This brings up a good point. How does one permanently drop a key across
all SKS servers?
Long story short, you don't.

Such a feature would actually reduce the security of the overall
network, as you'd be able to delete e.g. revoked keys and replace them
with old copies of a compromised key.

People wanting such as scheme should use the PGP Global Directory, and
the GD only.

- --
- ----------------------------
Kristian Fiskerstrand
http://www.kfwebs.net
- ----------------------------
Nomina stultorum scribuntur ubique locorum
Fools have the habit of writing their names everywhere
- ----------------------------
http://www.secure-my-email.com
http://www.secure-my-internet.com
Yaron Minsky
2008-06-05 00:59:40 UTC
Permalink
Ari is right that it's not trivial, but I do think there are some
technically reasonable solutions if you can find some way of having everyone
agree on which keys should be removed. For instance, if you had a trusted
set of "deleters", they could sign certificates that indicated which keys
should be deleted, and these certificates could be gossiped around with
everything else, and used to delete keys from the network.

Unfortunately, the decentralized nature of the SKS network makes this a bit
hard to manage, since it's not clear who the trusted deleters should be.
(Also, there's the small matter of who should implement the functionality in
the keyserver. I'm happy to do maintenance work on SKS, but I don't have
time for implementing significant new functionality).

y
We had talked about approaches to this ... it turns out to be an
non-trivial problem to
integrate this with the efficient synchronizer without breaking the
synchronizer's efficiency.
Best,
_Ari
Post by Yaron Minsky
Post by Patrick Rother
Hello.
Post by Christoph Martin
Post by Joseph Oreste Bruni
You can use the "sks drop" command with a key hash as a parameter.
You'll need to have a running SKS server.
Althouhg having read "sks help", "sks --help" and the man page at
least two times each, I really overlooked the sks drop command.
Thank you!
Post by Christoph Martin
But if the key is already on other servers you will get it back with
the
Post by Yaron Minsky
Post by Patrick Rother
Post by Christoph Martin
next sync.
Yes, I'm aware of that, but I have to comply with a users request to
delete the key.
BTW, is there a way to block specific keys from being synced into my
server?
There's nothing in theory to prevent it, but I never got around to
implementing blocks like this.
y
Post by Patrick Rother
Thank you.
_______________________________________________
Sks-devel mailing list
http://lists.nongnu.org/mailman/listinfo/sks-devel
------------------------------------------------------------------------
_______________________________________________
Sks-devel mailing list
http://lists.nongnu.org/mailman/listinfo/sks-devel
Ari Trachtenberg
2008-06-04 16:28:39 UTC
Permalink
We had talked about approaches to this ... it turns out to be an
non-trivial problem to
integrate this with the efficient synchronizer without breaking the
synchronizer's efficiency.

Best,
_Ari
Post by Yaron Minsky
Post by Patrick Rother
Hello.
Post by Christoph Martin
Post by Joseph Oreste Bruni
You can use the "sks drop" command with a key hash as a parameter.
You'll need to have a running SKS server.
Althouhg having read "sks help", "sks --help" and the man page at
least two times each, I really overlooked the sks drop command.
Thank you!
Post by Christoph Martin
But if the key is already on other servers you will get it back with the
next sync.
Yes, I'm aware of that, but I have to comply with a users request to
delete the key.
BTW, is there a way to block specific keys from being synced into my
server?
There's nothing in theory to prevent it, but I never got around to
implementing blocks like this.
y
Post by Patrick Rother
Thank you.
_______________________________________________
Sks-devel mailing list
http://lists.nongnu.org/mailman/listinfo/sks-devel
------------------------------------------------------------------------
_______________________________________________
Sks-devel mailing list
http://lists.nongnu.org/mailman/listinfo/sks-devel
Joseph Oreste Bruni
2008-06-03 21:08:35 UTC
Permalink
You can use the "sks drop" command with a key hash as a parameter. You'll need to have a running SKS server.
--
PGP Fingerprint:
C54A C9DD 84AD C6FC D343 67C4 5195 D63A CD55 18C7
Post by Patrick Rother
Dear colleagues.
Can anyone tell me how I can delete single keys from a SKS key
server?
Thank you.
_______________________________________________
Sks-devel mailing list
http://lists.nongnu.org/mailman/listinfo/sks-devel
Christoph Martin
2008-06-03 21:42:43 UTC
Permalink
Post by Joseph Oreste Bruni
You can use the "sks drop" command with a key hash as a parameter. You'll need to have a running SKS server.
But if the key is already on other servers you will get it back with the
next sync.

Christoph
--
============================================================================
Christoph Martin, EDV der Verwaltung, Uni-Mainz, Germany
Internet-Mail: ***@Verwaltung.Uni-Mainz.DE
Telefon: +49-6131-3926337
Loading...