Re: [openpgp-email] Keyservers and GDPR


Re: [openpgp-email] Keyservers and GDPR

Andy Mueller-Maguhn
On 23 May 2018, at 11:07, Patrick Brunschwig <[hidden email]> wrote:

> There are actually two different types of keyservers, which should be
> clearly distinguished.
>
> 1. the pool of SKS keyservers: as anyone can upload anybody's key, and
> as it does not allow deleting keys, it's IMHO not compatible with GDPR.
>
> 2. other types of keyservers like the one run by Mailvelope (and possibly
> others that I don't know of), that verify the keys they receive and
> allow deleting keys, are compatible with GDPR, or can be made
> compatible easily.

I don't know what Mailvelope uses (as they seem to integrate everything
in their web frontend), but adding a verification procedure when uploading
a key (through the email address of the key) into the SKS keyservers
seems to me like long overdue, as it also would solve to a larger extent
the problem mentioned by Gabor with fake keys uploaded in $other person's
name.

I do roughly recall that such a verification process has been discussed for
the SKS keyservers at one of the pgp-summits before, but I wonder what
happened to the idea. However, whether that is "good enough" to be compliant
with the GDPR I can't say, but this sounds like a good idea in any case.

best,
A.


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [openpgp-email] Keyservers and GDPR

Volker Birk
On Tue, Nov 06, 2018 at 05:27:14PM +0100, Andy Mueller-Maguhn wrote:
> I do roughly recall that such a verification process has been discussed for
> the SKS keyservers at one of the pgp-summits before, but I wonder what
> happened to the idea. However, whether that is "good enough" to be compliant
> with the GDPR I can't say, but this sounds like a good idea in any case.

I'm not of the opinion that key servers are a good idea at all. It's
a pity that people still follow this wrong idea.

Yours,
VB.
--
Volker Birk, p≡p project
mailto:[hidden email]
https://pep.software


Re: [openpgp-email] Keyservers and GDPR

holger krekel
On Tue, Nov 06, 2018 at 17:57 +0100, Volker Birk wrote:
> On Tue, Nov 06, 2018 at 05:27:14PM +0100, Andy Mueller-Maguhn wrote:
> > I do roughly recall that such a verification process has been discussed for
> > the SKS keyservers at one of the pgp-summits before, but I wonder what
> > happened to the idea. However, whether that is "good enough" to be compliant
> > with the GDPR I can't say, but this sounds like a good idea in any case.
>
> I'm not of the opinion that key servers are a good idea at all. It's
> a pity that people still follow this wrong idea.

I happen to be similarly skeptical of key servers and don't want
to spend much effort on helping to evolve the concept.
I might be wrong, though, and there are good uses that solve real
security issues for people.  When I say "real security issues"
I mean those who otherwise are oppressed and imprisoned for real,
not in some potentiality.  It's about real outcomes for people
and not some security ideal.

Some folks certainly think key servers are useful and I respect them.
And also, who knows, I might be missing something.  I admit that
so far the arguments pro key servers (e.g. revocation) have
not made me lean more towards going for it.

holger


Re: [openpgp-email] Keyservers and GDPR

Andrew Gallagher
In reply to this post by Volker Birk

> On 6 Nov 2018, at 16:57, Volker Birk <[hidden email]> wrote:
>
> I'm not of the opinion that key servers are a good idea at all. It's
> a pity that people still follow this wrong idea.

There are other methods for discovery that don’t suffer from the same weaknesses, but there is no equally resilient method of distributing revocations.

A


Re: [openpgp-email] Keyservers and GDPR

stuff
I don't think "resilient" can be used any more in relation to sks-keyservers as they drop offline on and off and even one malicious individual could take the whole network down if motivated enough.

On Tue, 6 Nov 2018 18:34:49 +0000
Andrew Gallagher <[hidden email]> wrote:

>
> > On 6 Nov 2018, at 16:57, Volker Birk <[hidden email]> wrote:
> >
> > I'm not of the opinion that key servers are a good idea at all. It's
> > a pity that people still follow this wrong idea.
>
> There are other methods for discovery that don’t suffer from the same weaknesses, but there is no equally resilient method of distributing revocations.
>
> A
>


--
me <[hidden email]>



Re: [Autocrypt] [openpgp-email] Keyservers and GDPR

holger krekel
In reply to this post by holger krekel
On Tue, Nov 06, 2018 at 18:57 +0100, holger krekel wrote:

> On Tue, Nov 06, 2018 at 17:57 +0100, Volker Birk wrote:
> > On Tue, Nov 06, 2018 at 05:27:14PM +0100, Andy Mueller-Maguhn wrote:
> > > I do roughly recall that such a verification process has been discussed for
> > > the SKS keyservers at one of the pgp-summits before, but I wonder what
> > > happened to the idea. However, whether that is "good enough" to be compliant
> > > with the GDPR I can't say, but this sounds like a good idea in any case.
> >
> > I'm not of the opinion that key servers are a good idea at all. It's
> > a pity that people still follow this wrong idea.
>
> I happen to be similarly skeptical of key servers and don't want
> to spend much effort on helping to evolve the concept.
> I might be wrong, though, and there are good uses that solve real
> security issues for people.  When I say "real security issues"
> I mean those who otherwise are oppressed and imprisoned for real,
> not in some potentiality.  It's about real outcomes for people
> and not some security ideal.
>
> Some folks certainly think key servers are useful and I respect them.
> And also, who knows, I might be missing something.  I admit that
> so far the arguments pro key servers (e.g. revocation) have
> not made me lean more towards going for it.

Just to be clear, I am referring to key server usage for e2e email.

For supporting Debian and other similar ecosystems key servers
have served quite well as far as I understand.  And then, reconciling
key servers with the GDPR for public signing and verification
infrastructure seems like a good idea (including revocation, I guess).

holger


Re: [openpgp-email] Keyservers and GDPR

Andrew Gallagher
In reply to this post by stuff

> On 6 Nov 2018, at 20:09, Mike <[hidden email]> wrote:
>
> I don't think "resilient" can be used any more in relation to sks-keyservers as they drop offline on and off and even one malicious individual could take the whole network down if motivated enough.

Individual servers drop on and offline but the network as a whole is more robust. It is easy to take down the entire network of course, but this is very noisy. It is very hard to selectively prevent only a particular revocation from being served by the keyservers. Most other methods of distributing keys allow for selective blocking of one domain or even one address.

A


Re: [openpgp-email] Keyservers and GDPR

stuff
In reply to this post by Andy Mueller-Maguhn
So it seems like the usual response is to ignore the fatal issues that could affect this network. 6 months on from the first set of PoCs and no one has stepped forward to fix them - they have only attempted to defend the network through pride. How is anyone meant to trust infrastructure run by people who avoid problems like this?

As usual, people keep burying their heads in the sand with nothing more than excuses. Something as simple and small as a Raspberry Pi could down the entire network. "Resilient against governments"? I don't think so! These servers no longer provide the function they once promised, and this needs to be addressed by the leading figures of the community with direct and clear responses, not excuses!

I believe that Kristian is the main spokesperson? He has never once stepped forward and commented on any of the issues.

Kind Regards

Yakamo

On Wed, 07 Nov 2018 10:13:06 +0100
Werner Koch <[hidden email]> wrote:

> On Tue,  6 Nov 2018 17:27, [hidden email] said:
>
> > I do roughly recall that such a verification process has been discussed for
> > the SKS keyservers at one of the pgp-summits before, but I wonder what
> > happened to the idea. However, whether that is "good enough" to be compliant
>
> This requires that there are no rogue keyservers in the network and that
> in turn means that they are under the control of a single entity.  Or
> in short, let Google take care of it.
>
> Such verification will be a single point of failure and it would be
> trivial for governments or corporations to take down a key.
>
>
> Shalom-Salam,
>
>    Werner
>
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


--
me <[hidden email]>


Re: [openpgp-email] Keyservers and GDPR

Yegor Timoshenko
In reply to this post by Andy Mueller-Maguhn
> Purpose 4, distribution of key signatures, worked as long as
> people didn't use the key listings of the server or tools for
> more or less funny messages. Uploading key signatures should be
> possible only by the holder of the key. However, to enforce
> this the keyservers need to employ real crypto and won't be a
> lean service anymore. I think the distribution of keyservers,
> for those who still want to use the WoT, can be replaced by
> sending the signed keys only back to the owner. In fact tools like
> caff suggest this use case.

Storing signatures with issuing keys (instead of keys that are
being signed) should limit abuse potential while still allowing
for WoT.
 
> Purpose 5 is not relevant for OpenPGP key distribution and
> actually the reason why the keyserver network has more or less
> broken down.

World-writable storage is still a problem: even if no search is
present, it at the very least means arbitrary writes. Proof of work
can help limit this misuse vector.

Storing immutable data, distributed recon, proof of work, that
sounds like something a blockchain should do to me.

Re: [openpgp-email] Keyservers and GDPR

Yegor Timoshenko
In reply to this post by Andy Mueller-Maguhn
> Purpose 4, distribution of key signatures, worked as long as
> people didn't use the key listings of the server or tools for
> more or less funny messages. Uploading key signatures should be
> possible only by the holder of the key. However, to enforce
> this the keyservers need to employ real crypto and won't be a
> lean service anymore. I think the distribution of keyservers,
> for those who still want to use the WoT, can be replaced by
> sending the signed keys only back to the owner. In fact tools like
> caff suggest this use case.

Storing and distributing signatures with issuing keys (instead of
keys that are being signed) should limit abuse potential while
still allowing for WoT.

> Purpose 5 is not relevant for OpenPGP key distribution and
> actually the reason why the keyserver network has more or less
> broken down.

World-writable storage is problematic even if there is no search.
Proof of work and some operator-controllable data removal
mechanism (like opt-in key blacklists) can help limit this attack
vector.

Storing immutable data, distributed recon, proof of work, that
sounds like something a blockchain should do to me.

Re: [openpgp-email] Keyservers and GDPR

Werner Koch
On Wed,  7 Nov 2018 11:50, [hidden email] said:

> significantly affecting legitimate use. It may stop people uploading
> warez but it can’t prevent cheap vandalism.

Free storage to upload arbitrary data is easily available (e.g. p2p,
free mail accounts).  Having a searchable index to that data is more
challenging.  Thus removing the search capability from the keyservers
will render its free-as-in-beer storage feature mostly useless.


Salam-Shalom,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Re: [openpgp-email] Keyservers and GDPR

Yegor Timoshenko
> Free storage to upload arbitrary data is easily available (e.g.
> p2p, free mail accounts). Having a searchable index to that
> data is more challenging. Thus removing the search capability
> from the keyservers will render its free-as-in-beer storage
> feature mostly useless.

It's not just storage, it's also immutable and distributed. It's
very different from P2P in that operators will have to host that
content less than voluntarily, and it's different from a mail account
in that it's public.

For how problematic that might be, see
https://fc18.ifca.ai/preproceedings/6.pdf.

Re: [openpgp-email] Keyservers and GDPR

Andrew Gallagher

> On 7 Nov 2018, at 16:43, Yegor Timoshenko <[hidden email]> wrote:
>
> It's not just storage, it's also immutable and distributed.

In the keyservers, removing immutable content is a Very Hard Problem, but it is theoretically possible.

With blockchain, it is impossible by design.

A


Re: [Autocrypt] [openpgp-email] Keyservers and GDPR

holger krekel
In reply to this post by Andy Mueller-Maguhn
Hi Werner, all,

I'd appreciate it if we can close this "GDPR and key servers" subject
and stop sending mails about it to three mailing lists.
The Autocrypt ML subscribers are likely either also subscribed to
at least one of openpgp-email/gnupg-devel or mostly not
interested in further detailed discussions about key servers,
so let's at least leave out the Autocrypt ML.

thanks,
holger


On Wed, Nov 07, 2018 at 10:13 +0100, Werner Koch wrote:

> On Tue,  6 Nov 2018 17:27, [hidden email] said:
>
> > I do roughly recall that such a verification process has been discussed for
> > the SKS keyservers at one of the pgp-summits before, but I wonder what
> > happened to the idea. However, whether that is "good enough" to be compliant
>
> This requires that there are no rogue keyservers in the network and that
> in turn means that they are under the control of a single entity.  Or
> in short, let Google take care of it.
>
> Such verification will be a single point of failure and it would be
> trivial for governments or corporations to take down a key.
>
>
> Shalom-Salam,
>
>    Werner
>
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



Re: [Autocrypt] [openpgp-email] Keyservers and GDPR

Tobias Mueller
In reply to this post by Andy Mueller-Maguhn
Hi,

On Wed, 2018-11-07 at 10:13 +0100, Werner Koch wrote:
> This requires that there are no rogue keyservers in the network and that
> in turn means that they are under the control of a single entity.
It depends on your use case, but you might be happy enough if you have a
proof of who introduced the malicious data.

That said, you might as well establish a network adhering to certain
rules run by people who are trusted enough by its users. That may not
necessarily be Google, but the EFF, the CCC, or the DPAs of the EU
member states.

Cheers,
  Tobi



Re: [Autocrypt] [openpgp-email] Keyservers and GDPR

Tobias Mueller
In reply to this post by Yegor Timoshenko
Hi,

On Wed, 2018-11-07 at 12:33 +0100, Wiktor Kwapisiewicz via Autocrypt
wrote:
> If cryptographic verification was enough for X.509 there
> wouldn't be Certificate Transparency
CT solves a slightly different set of problems related to
the centralised trust model that we don't necessarily have.

That said, I think we can store revocations in the CT logs s.t. we can
at least have integrity protection and non-equivocation for those. Both
properties which we currently do not have when fetching them from the
key server.


Cheers,
  Tobi



Re: [Autocrypt] [openpgp-email] Keyservers and GDPR

Wiktor Kwapisiewicz
Hello,

On 07.11.2018 18:17, Tobias Mueller wrote:
> That said, I think we can store revocations in the CT logs s.t. we can
> at least have integrity protection and non-equivocation for those. Both
> properties which we currently do not have when fetching them from the
> key server.

Mozilla experimented with storing release hashes of Firefox in CT logs:
https://wiki.mozilla.org/Security/Binary_Transparency

They used a Merkle tree so the amount of data stored is small (just the
tree head) compared to the OpenPGP revocation.

Kind regards,
Wiktor

--
https://metacode.biz/@wiktor

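An added illustration of the tree-head idea in Wiktor's post and of the integrity property Tobias asks for (example code written for this page, not code from the thread, from Mozilla's Binary Transparency or from any keyserver): a RFC 6962-shaped Merkle tree over constructed placeholder revocation records, where only the 32-byte head needs publishing and each record carries a short audit path back to it. It assumes revocation certificates are serialised as bytes; the record contents and fingerprints below are constructed placeholders.

```python
import hashlib

# Constructed sample records standing in for OpenPGP revocation certificates:
# a key fingerprint plus a placeholder for the revocation signature bytes.
# None of these are real fingerprints or real revocation packets.
REVOCATIONS = [
    b"fpr=CONSTRUCTED-FPR-0001|rev=placeholder-revocation-sig-1",
    b"fpr=CONSTRUCTED-FPR-0002|rev=placeholder-revocation-sig-2",
    b"fpr=CONSTRUCTED-FPR-0003|rev=placeholder-revocation-sig-3",
    b"fpr=CONSTRUCTED-FPR-0004|rev=placeholder-revocation-sig-4",
    b"fpr=CONSTRUCTED-FPR-0005|rev=placeholder-revocation-sig-5",
]


def _leaf_hash(record: bytes) -> bytes:
    # RFC 6962 domain separation: leaves get prefix 0x00, interior nodes 0x01,
    # so a leaf can never be passed off as an interior node or vice versa.
    return hashlib.sha256(b"\x00" + record).digest()


def _node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def _split_point(n: int) -> int:
    # Largest power of two strictly less than n (RFC 6962 tree shape).
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def _mth(leaves: list) -> bytes:
    # Merkle Tree Hash over already-hashed leaves.
    if len(leaves) == 1:
        return leaves[0]
    k = _split_point(len(leaves))
    return _node_hash(_mth(leaves[:k]), _mth(leaves[k:]))


def tree_head(records: list) -> bytes:
    """32-byte head committing to every record; all a log has to publish."""
    if not records:
        return hashlib.sha256(b"").digest()  # RFC 6962 empty-tree hash
    return _mth([_leaf_hash(r) for r in records])


def inclusion_proof(records: list, index: int) -> list:
    """Audit path for records[index]: list of (sibling_hash, sibling_is_left)."""
    def path(leaves, m):
        if len(leaves) == 1:
            return []
        k = _split_point(len(leaves))
        if m < k:
            return path(leaves[:k], m) + [(_mth(leaves[k:]), False)]
        return path(leaves[k:], m - k) + [(_mth(leaves[:k]), True)]
    if not 0 <= index < len(records):
        raise IndexError("no such record")
    return path([_leaf_hash(r) for r in records], index)


def verify_inclusion(record: bytes, proof: list, head: bytes) -> bool:
    """Recompute the root from one record plus its path; True iff it equals head."""
    h = _leaf_hash(record)
    for sibling, sibling_is_left in proof:
        h = _node_hash(sibling, h) if sibling_is_left else _node_hash(h, sibling)
    return h == head


def verify_all(records: list) -> bool:
    # Every record must prove its inclusion against the single published head.
    head = tree_head(records)
    return all(verify_inclusion(r, inclusion_proof(records, i), head)
               for i, r in enumerate(records))


if __name__ == "__main__":
    head = tree_head(REVOCATIONS)
    print("tree head:", head.hex())
    print("record 3 included:", verify_inclusion(
        REVOCATIONS[3], inclusion_proof(REVOCATIONS, 3), head))
```

A client holding only the published head can check one revocation with a path of log2(n) hashes, and any altered or substituted record fails that check.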

Re: [Autocrypt] [openpgp-email] Keyservers and GDPR

Werner Koch
In reply to this post by Werner Koch
On Wed,  7 Nov 2018 18:07, [hidden email] said:

> Only if you assume that nobody creates such an index.

But then it is not a problem for keyserver operators (except for load
issues).


Salam-Shalom,

   Werner

--
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


Re: [Autocrypt] [openpgp-email] Keyservers and GDPR

stuff
On Wed, 07 Nov 2018 20:52:35 +0100
Werner Koch <[hidden email]> wrote:

> On Wed,  7 Nov 2018 18:07, [hidden email] said:
>
> > Only if you assume that nobody creates such an index.
>
> But then it is not a problem for keyserver operators (except for load
> issues).

There are still the keyserver dumps which are accessible to anyone who wants them!
