ietf-openpgp

Re: rfc2440bis-02 comments

2000-12-15 15:25:58
At 3:11 am -0800 2000-12-15, L. Sassaman wrote:
One of the major complaints I hear about PGP key servers is the inability
to delete keys once they are sent to the server. I'd like to request the
addition of two new flags for subpacket 23:

    0x40 = Disabled
    the key holder requests that this key not be returned upon
    a search of the key server.

    0x60 = Enabled
    the key holder requests that this key be returned upon a
    search of the key server.

Keys bearing the disabled flag would either reside on the key server and
never be returned in a search (except perhaps to the administrator), or
they would be immediately deleted upon receipt by the key server.


Len,

I'm intrigued by your idea of "disabling" keys as a solution to this
problem. I think it could be a useful addition, even with the
questions it raises.

If the intent is to allow Alice to effectively Remove her public
key -- even if the keyserver's policy/software doesn't allow her to
Delete it -- then I think this is useful. Of course, this presumes
that Alice still retains her ability to modify the public key.

However, if the intent is to "mask" the presence of Bob's key on the
keyserver in lieu of Deleting it, it's hard to see what sort of
keyserver response behaviour would prevent Eve from trying to
determine the presence of Bob's key on the server -- by deducing that
information using the very 0x40 flag you describe in conjunction with
the keyserver behaviour. This simply shifts the policy focus from the
pksd's delete policy to its search policy.

All Eve would need to do is upload the public component to the
keyserver in order to determine the status of the subpacket 23
enable/disable flags: if the key is present but disabled, it will
"vanish," confirming that it's disabled. If not present, it will be
returned by a subsequent search. A rudimentary traffic analysis
technique.

The big question of course, is "who can set these flags?" IMHO, they
mustn't be outside the hashed subpackets: they need to be set by the
key-owner, lest they contribute to a DoS attack on any given public
key. This means that Alice or Bob could just as easily Revoke (or,
pksd policy permitting, Delete) their keypairs. If the keyserver
admin is to be allowed to set the flag, this raises a serious key
management policy question, again just shifting the problem
elsewhere, but not solving it entirely.

   dave
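A keyserver-side reader for the subpacket 23 flags that dave argues must live in the hashed area; this is an added example, not code from either message or from any pksd. It assumes RFC 2440's 0x80 No-modify bit as the only standard flag and treats the 0x40 Disabled bit as the proposal from the quoted message.

```python
# Read OpenPGP Key Server Preferences (signature subpacket type 23) and honour
# flags only from the hashed subpacket area, which the self-signature covers.
KEY_SERVER_PREFERENCES = 23
FLAG_NO_MODIFY = 0x80   # RFC 2440 section 5.2.3.17
FLAG_DISABLED = 0x40    # proposed in this thread, not a standard flag (assumption)


def parse_subpackets(area: bytes):
    """Return a list of (type, critical, body) for every subpacket in `area`.

    Length encoding per RFC 2440 section 5.2.3.1: one octet (< 192),
    two octets (192..254), or 0xFF followed by a 4-octet big-endian length.
    The length counts the type octet plus the body.
    """
    out, i = [], 0
    while i < len(area):
        first = area[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        type_octet = area[i]                  # bit 7 marks a critical subpacket
        out.append((type_octet & 0x7F, bool(type_octet & 0x80), area[i + 1:i + length]))
        i += length
    return out


def key_server_prefs(hashed: bytes, unhashed: bytes) -> dict:
    """Flags a keyserver should act on, taken from the hashed area only.

    An unhashed type-23 subpacket could have been appended by anyone (the DoS
    concern in the reply), so it is reported as ignored and never honoured.
    """
    flags = 0
    for sp_type, _critical, body in parse_subpackets(hashed):
        if sp_type == KEY_SERVER_PREFERENCES and body:
            flags |= body[0]
    ignored = any(t == KEY_SERVER_PREFERENCES for t, _, _ in parse_subpackets(unhashed))
    return {"no_modify": bool(flags & FLAG_NO_MODIFY),
            "disabled": bool(flags & FLAG_DISABLED),
            "unhashed_prefs_ignored": ignored}


# Constructed sample: hashed area sets No-modify; an unhashed area tries to set
# Disabled, which must not be honoured.
HASHED = bytes([0x02, KEY_SERVER_PREFERENCES, 0x80])
UNHASHED = bytes([0x02, KEY_SERVER_PREFERENCES, 0x40])

if __name__ == "__main__":
    print(key_server_prefs(HASHED, UNHASHED))
```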

