Why Don’t We Clean Up The PGP Key Servers?

By Daniel Miessler on February 16th, 2006: Tagged as Information Security | Infosec | Privacy

I think the InfoSec community needs to make a push to purge the PGP key servers. I think it’d be nice to start off with a clean slate, you know? Virtually everyone I know has at least one public key up on a server that they no longer have the secret key for. It’s a cluster to the nth degree.

I just think it’d be nice to start fresh. Everyone who manages keyservers could send a series of notification emails to the addresses listed in their key database, and after like a year (or whatever agreed upon amount of time), the deletions would begin.

Worst case scenario is that some people need to re-upload their public keys. I think it’s a small price to pay given the resulting “fresh” feeling. I for one can’t stand looking at all those redundant, orphaned keys — it’s the OC in me I suppose.

Thoughts? Anyone agree?

  • http://sevenroot.org/dlc/ Darren Chamberlain

    +1

    I think the operators of the keyservers disagree, though. In the past, I spent some time on the gnupg-users list, and every once in a while someone would ask how to delete their old unusable keys, and the keyserver operators would chime in with reasons about why it was a bad idea. I don’t remember most of the reasons, but I was never quite convinced.

  • http://sevenroot.org/dlc/ Darren Chamberlain

    +1

    I think the operators of the keyservers disagree, though. In the past, I spent some time on the gnupg-users list, and every once in a while someone would ask how to delete their old unusable keys, and the keyserver operators would chime in with reasons about why it was a bad idea. I don’t remember most of the reasons, but I was never quite convinced.

  • http://zhasper.com/ Zhasper

    +1

    Hear Hear!

  • http://zhasper.com Zhasper

    +1

    Hear Hear!

  • Daniel

    I’d be interested in hearing their reasons. I can see why not to allow arbitrary key deletion from users, but they should consider doing a “house cleaning”.

  • Daniel

    I’d be interested in hearing their reasons. I can see why not to allow arbitrary key deletion from users, but they should consider doing a “house cleaning”.

  • http://jtpowell.blogspot.com/ Jason Powell

    I am deeply troubled by the PGP clutter. Seriously, this keep s me up at nights. ;)

  • http://jtpowell.blogspot.com Jason Powell

    I am deeply troubled by the PGP clutter. Seriously, this keep s me up at nights. ;)

  • http://dmiessler.com/ Daniel

    Peoples’ comments who don’t use PGP don’t count. ;)

  • http://dmiessler.com Daniel

    Peoples’ comments who don’t use PGP don’t count. ;)

  • http://jtpowell.blogspot.com/ Jason Powell

    I beg your pardon, but I actually do use PGP, daily. So there. Nuh.

  • http://jtpowell.blogspot.com Jason Powell

    I beg your pardon, but I actually do use PGP, daily. So there. Nuh.

  • http://calum.org/ Calum

    Just saw your post on Digg, and yes, I think we’ve all lost the key (and passphrase) from the time we tried it first in 1998.

    pgpkeyserver # rm /var/spool/keys/* -rf pgpkeyserver #

  • http://calum.org/ Calum

    Just saw your post on Digg, and yes, I think we’ve all lost the key (and passphrase) from the time we tried it first in 1998.

    pgpkeyserver # rm /var/spool/keys/* -rf pgpkeyserver #

  • Tortanick

    Like most PGP users I have at least one unrevoked public key from my early experiments lyeing around, I’d like to see this problem fixed too.

    My own suggestion would be to ban keys with infinite expirery dates. 3 years should be the absolute maximum. Any infinite timed keys in existance shall be given 3 years untill expery.

  • Tortanick

    Like most PGP users I have at least one unrevoked public key from my early experiments lyeing around, I’d like to see this problem fixed too.

    My own suggestion would be to ban keys with infinite expirery dates. 3 years should be the absolute maximum. Any infinite timed keys in existance shall be given 3 years untill expery.

  • Thomi

    I hope they will clean up the mess before my unused keys begin to expire, in about 10 years or so.


Top

Popular

Information Security / Technology

Politics

Philosophy & Religion

Technology & Science

Culture & Society

Miscellaneous

Arguments

Projects

Collections

Twitter

What I'm Reading

Favorite Books and Essays

Top Blog Categories

Inputs