me a long time ago and so many people: wait there is no way to delete anything from pgp keyservers ever, including real names (of course deadnames), email-addresses and photos, what is wrong with you people and in what world do you live in

pgp: it's a feature

people: *exploit that for evil in an obvious attack*

pgp: [surprised pikachu]

@CobaltVelvet I wouldn't trivialize this whole thing. For one, SKS keyservers are not an integral part of PGP. It's a convenient service with a lot of drawbacks that were understood, but nobody cared enough to counter it. Second, this was seen as a transparency requirement same as TLS certificate transparency today. If you get a certificate for today, you can never delete it from the records.

@CobaltVelvet transparency is a double-edged sword with no handle -- it will hurt someone who does not handle it with extreme care.

@monsieuricon i'll trivialize it as i want tbh. it is a convenient service, and also a very dangerous very limited badly designed ancient technology that users love to describe as near-perfection and "the only way". and it applies to both the keyservers, and gpg itself, for so many different reasons each

@monsieuricon also more on that, cert transparency has a use that is directly caused by the PKI and relying on CAs, which does not apply to PGP and keyservers. You don't have to worry about multiple CA issuing certs for a domain in PGP, or an e-mail address or a name for that matter.

*and* pgp keys typically contain much more information, including personal information, and associations between people and identities. i don't want that public and i wouldn't advise making it so.

@CobaltVelvet PGP keys themselves only contain subkeys, and references to other keys that signed them. You don't have to attach a real UID to a key if you don't want to. Every other system that claims to do it "better" than PGP either relies on some central delegation authority or has exact same failings as PGP, because the problem of delegating trust is impossible to achieve in a way that would be both truly decentralized and usable by non-privacy-nerds.

@monsieuricon so the idea is that the privacy failings of a public web of trust is required to making something usable by non-privacy-nerds? i'm not convinced, and i'd say pgp is already pretty unusable by most people, and it has very little to do with having a public wot, if anything it makes the experience worse.

how big, exploitable, and spammable, does the public wot has to be for people to think that maybe privacy is important and should be the default

@monsieuricon i mean i agree that you don't *have to* put private data on keyservers, but software and practical situation often does ask you to, and require you to. doing so is recommended by convention. and most of the time there is no mention that if you push it, that label won't be under your control anymore.

i think you dont have to be a privacy nerd to be scared of "your real name, e-mail address, and username will be permanently publicly linked", especially if you are told after the fact

@CobaltVelvet sure, I fully agree. This is the thinking that originated in the early 90s when the internet belonged to techno-nerds. If you'd told them of the implications that seem obvious today you'd be waved off as a doomsday nut. The defaults are changing with newer releases of PGP where the WoT is largely ceding to web key directories, but we aren't solving the problem of delegating trust without central authorities, unfortunately. We're admitting defeat.

Sign in to participate in the conversation

For people who care about, support, or build Free, Libre, and Open Source Software (FLOSS).