Discussion:
[Sks-devel] How to delete single keys from the SKS keyserver
Patrick Rother
2008-06-03 18:53:51 UTC
Dear colleagues.

Can anyone tell me how I can delete single keys from a SKS key
server?

Thank you.
David Young
2008-06-03 20:25:31 UTC
The easiest way I've found is to use the SKS web page, find the KEY hash,
and use sks drop <key hash> to remove the key.
Post by Patrick Rother
Dear colleagues.
Can anyone tell me how I can delete single keys from a SKS key
server?
Thank you.
_______________________________________________
Sks-devel mailing list
http://lists.nongnu.org/mailman/listinfo/sks-devel
Patrick Rother
2008-06-04 06:56:58 UTC
Hello.
Post by Christoph Martin
Post by Joseph Oreste Bruni
You can use the "sks drop" command with a key hash as a parameter. You'll need to have a running SKS server.
Although having read "sks help", "sks --help" and the man page at
least two times each, I really overlooked the sks drop command.

Thank you!
Post by Christoph Martin
But if the key is already on other servers you will get it back with the
next sync.
Yes, I'm aware of that, but I have to comply with a user's request to
delete the key.

BTW, is there a way to block specific keys from being synced into my
server?

Thank you.
Yaron Minsky
2008-06-04 11:25:07 UTC
Post by Patrick Rother
Hello.
Post by Christoph Martin
Post by Joseph Oreste Bruni
You can use the "sks drop" command with a key hash as a parameter.
You'll need to have a running SKS server.
Although having read "sks help", "sks --help" and the man page at
least two times each, I really overlooked the sks drop command.
Thank you!
Post by Christoph Martin
But if the key is already on other servers you will get it back with the
next sync.
Yes, I'm aware of that, but I have to comply with a user's request to
delete the key.
BTW, is there a way to block specific keys from being synced into my
server?
There's nothing in theory to prevent it, but I never got around to
implementing blocks like this.

y
Post by Patrick Rother
Thank you.
David Young
2008-06-04 14:01:24 UTC
This brings up a good point. How does one permanently drop a key across all
SKS servers? I didn't realize that a drop does not permanently remove a
key. It sort of defeats the purpose of a drop since the SKS servers are
sync'ing every few seconds. The key will reappear within minutes, won't it?
Kristian Fiskerstrand
2008-06-04 14:49:09 UTC
Post by David Young
This brings up a good point. How does one permanently drop a key across
all SKS servers?
Long story short, you don't.

Such a feature would actually reduce the security of the overall
network, as you'd be able to delete e.g. revoked keys and replace them
with old copies of a compromised key.

People wanting such a scheme should use the PGP Global Directory, and
the GD only.

--
----------------------------
Kristian Fiskerstrand
http://www.kfwebs.net
----------------------------
Nomina stultorum scribuntur ubique locorum
Fools have the habit of writing their names everywhere
----------------------------
http://www.secure-my-email.com
http://www.secure-my-internet.com
Yaron Minsky
2008-06-05 00:59:40 UTC
Ari is right that it's not trivial, but I do think there are some
technically reasonable solutions if you can find some way of having everyone
agree on which keys should be removed. For instance, if you had a trusted
set of "deleters", they could sign certificates that indicated which keys
should be deleted, and these certificates could be gossiped around with
everything else, and used to delete keys from the network.

Unfortunately, the decentralized nature of the SKS network makes this a bit
hard to manage, since it's not clear who the trusted deleters should be.
(Also, there's the small matter of who should implement the functionality in
the keyserver. I'm happy to do maintenance work on SKS, but I don't have
time for implementing significant new functionality).

y
Post by Ari Trachtenberg
We had talked about approaches to this ... it turns out to be a
non-trivial problem to integrate this with the efficient synchronizer
without breaking the synchronizer's efficiency.
Best,
_Ari
Ari Trachtenberg
2008-06-04 16:28:39 UTC
We had talked about approaches to this ... it turns out to be a
non-trivial problem to integrate this with the efficient synchronizer
without breaking the synchronizer's efficiency.

Best,
_Ari
Joseph Oreste Bruni
2008-06-03 21:08:35 UTC
You can use the "sks drop" command with a key hash as a parameter. You'll need to have a running SKS server.
--
PGP Fingerprint:
C54A C9DD 84AD C6FC D343 67C4 5195 D63A CD55 18C7
Post by Patrick Rother
Dear colleagues.
Can anyone tell me how I can delete single keys from a SKS key
server?
Thank you.
Christoph Martin
2008-06-03 21:42:43 UTC
Post by Joseph Oreste Bruni
You can use the "sks drop" command with a key hash as a parameter. You'll need to have a running SKS server.
But if the key is already on other servers you will get it back with the
next sync.

Christoph
--
============================================================================
Christoph Martin, EDV der Verwaltung, Uni-Mainz, Germany
Internet-Mail: ***@Verwaltung.Uni-Mainz.DE
Telefon: +49-6131-3926337
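
The behaviour discussed in this thread, as an added example that is not part of any post and is not SKS code: a toy model in which a key dropped locally comes back with the next sync, and in which the signed deletion certificates Yaron Minsky sketches keep it removed. The `Server` class, `sync`, the HMAC stand-in for real signatures and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
# Constructed stand-in: real deleters would sign with public-key signatures;
# HMAC with a shared demo secret keeps this model standard-library only.
TRUSTED_DELETERS = {"deleter-1": b"constructed-demo-secret"}

def sign_deletion(deleter, key_hash):
    secret = TRUSTED_DELETERS[deleter]
    return hmac.new(secret, key_hash.encode(), hashlib.sha256).hexdigest()

class Server:
    def __init__(self):
        self.keys = {}    # key hash -> key material
        self.certs = {}   # key hash -> (deleter id, tag) deletion certificates

    def drop(self, key_hash):
        """Local removal only: nothing records that the key is unwanted."""
        self.keys.pop(key_hash, None)

    def accept_cert(self, key_hash, deleter, tag):
        """Store a deletion certificate only if a trusted deleter issued it."""
        valid = deleter in TRUSTED_DELETERS and hmac.compare_digest(
            sign_deletion(deleter, key_hash), tag)
        if valid:
            self.certs[key_hash] = (deleter, tag)
            self.keys.pop(key_hash, None)
        return valid

def sync(a, b):
    """Toy reconciliation: certificates travel first, then missing keys."""
    for src, dst in ((a, b), (b, a)):
        for key_hash, (deleter, tag) in list(src.certs.items()):
            dst.accept_cert(key_hash, deleter, tag)
        for key_hash, material in list(src.keys.items()):
            if key_hash not in dst.certs:
                dst.keys.setdefault(key_hash, material)

def demo():
    material = b"constructed key material"
    h = hashlib.sha256(material).hexdigest()   # stand-in for the SKS key hash
    a, b = Server(), Server()
    a.keys[h] = b.keys[h] = material
    a.drop(h)
    sync(a, b)
    reappeared = h in a.keys                   # the peer still had the key
    c, d = Server(), Server()
    c.keys[h] = d.keys[h] = material
    forged_ok = c.accept_cert(h, "deleter-1", "0" * 64)
    c.accept_cert(h, "deleter-1", sign_deletion("deleter-1", h))
    sync(c, d)
    return reappeared, forged_ok, (h in c.keys or h in d.keys)
```

The model leaves out the reconciliation-efficiency problem Ari Trachtenberg raises and the question of who the trusted deleters would be.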