ietf-openpgp

Re: [openpgp] Modelling an abuse-resistant OpenPGP keyserver

2019-04-08 18:15:48
On 2019-04-04 at 18:41 -0400, Daniel Kahn Gillmor wrote:
> I've documented some thoughts on how to resist this abuse in a new
> Internet Draft:
>
>    https://datatracker.ietf.org/doc/draft-dkg-openpgp-abuse-resistant-keystore/

Hey, this is good stuff.  Thanks.

The references section uses my name in the SKS reference.  While I
certainly wrote much of (a vast majority of?) the SKS operational
documentation, I did not write SKS and am no longer at all involved in
it.  Another person's name should probably go there.

The rest of this mail is on just one topic; otherwise it'll get too long.

Others are suggesting blockchain approaches.  This makes the reason that
I stopped volunteering my time and resources to host an SKS instance, and
helping others to do so, relevant: people create spamming tools which
make it easier for non-technical users to abuse the append-only trust
stores; history has shown that this ease-of-abuse barrier-lowering does
directly lead to more abuse, including attempts to just spoil the entire
keyserver system.

In my jurisdiction (and under my own ethical code) the big concern was
child porn: not because it's a sane means of distribution, but because
of the spoiling effect.  Even without graphical-representation attribute
packets, there is speech which causes trouble in some parts of the
world.  E.g., in Europe, folks can insist upon having their own data be
removed.  This happened, a decade ago, leading Peter Palfrader to shut
down his keyserver after receiving a legal demand to delete a key from
the keyservers.

So locking down towards a "blockchain" approach (with whichever subset
of functionality the speaker intends that to mean, usually just a merkle
tree), trendy as it might be, risks creating a system where the
operators don't dare host the data sets.  Financial blockchain systems
might be able to bear the risk because once there's money involved,
there will be pushback against censorship, but an OpenPGP key blockchain
would not have that politically powerful vested interest protection.

An append-only system where the operator of a keyserver has no ability
to filter what makes it onto local storage would not entice this former
keyserver operator back into the fold.

It turns out that "ability to resist censorship by governments with
global reach" is not directly the biggest threat model and trying to
protect against it will hinder protections against the actual abuse
observed.  As long as OpenPGP client implementations don't get tied into
only one keyserver interaction method, and instead keep WKD and other
approaches, there are plenty of ways to get keys out there; preferred
keyserver annotations help too.  Folks who need to bypass extreme
censorship will likely need to use private keyserver setups, e.g. run
along SecureDrop by friendly organisations.

-Phil

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
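The message above points at WKD (Web Key Directory) as one of the "other approaches" for getting keys out there that does not depend on a keyserver at all. As an added example, not code from the post, from the draft or from GnuPG, the following implements the lookup-URL derivation from draft-koch-openpgp-webkey-service: lowercase the local part, SHA-1 it, z-base-32 encode the 20-byte digest into the 32-character `hu/` entry name, and try the "advanced" (openpgpkey subdomain) form before the "direct" one. The address `Joe.Doe@Example.ORG` is the draft's own illustration; percent-encoding the `l=` parameter is a conservative choice made here, not something the draft spells out.

```python
"""Derive WKD (Web Key Directory) lookup URLs for an e-mail address.

Added example: not part of the mailing-list post and not GnuPG's code.
Follows the scheme in draft-koch-openpgp-webkey-service.
"""
import base64
import hashlib
from urllib.parse import quote

# RFC 4648 base32 and z-base-32 share the same 5-bit grouping and differ
# only in the symbol table, so base64.b32encode plus a character
# translation yields a correct z-base-32 string.
_RFC4648 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
_ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"
_TO_ZB32 = str.maketrans(_RFC4648, _ZBASE32)


def zbase32(data: bytes) -> str:
    """z-base-32 encode bytes; a 20-byte SHA-1 digest becomes exactly 32 chars."""
    return base64.b32encode(data).decode("ascii").rstrip("=").translate(_TO_ZB32)


def wkd_hash(local_part: str) -> str:
    """Hashed, case-folded local part used as the 'hu' directory entry name."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32(digest)


def wkd_urls(address: str) -> dict:
    """Return the 'advanced' and 'direct' WKD URLs for one address.

    Clients try the advanced method (openpgpkey.<domain>) first and fall
    back to the direct method on the bare domain. The ?l= parameter
    carries the local part in its original case so the server can tell
    apart addresses that collide after case folding.
    """
    if address.count("@") != 1:
        raise ValueError("expected exactly one '@' in address")
    local, domain = address.split("@")
    if not local or not domain:
        raise ValueError("empty local part or domain")
    domain = domain.lower()
    entry = wkd_hash(local)
    # Assumption of this example: percent-encode the original local part
    # so unusual characters cannot break the query string.
    l_param = quote(local, safe="")
    return {
        "advanced": (f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
                     f"{domain}/hu/{entry}?l={l_param}"),
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{entry}?l={l_param}",
    }


if __name__ == "__main__":
    # The draft's example address; "joe.doe" hashes to
    # iy9q119eutrkn8s1mk4r39qejnbu3n5q.
    for method, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{method}: {url}")
```

Only the local part is case-folded before hashing; the domain is lowercased for the host name but never hashed. A client that implements both URL forms can fetch a key without ever touching a keyserver, which is the property the post relies on when it argues against tying implementations to a single keyserver interaction method.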