Andrew Gallagher
@andrewg.com
Geek, thespian, activist, crackpot. A Galwegian Ulsterman at large. DPO by day, politico by night.
0xFB73E21AF1163937
@andrewg@mastodon.ie
@andrewg@mastodon.ie
It *mostly* doesn’t, but the corpse of its earlier life as a gendered language is still present. see e.g. en.wikipedia.org/wiki/Gender_...
Gender in English - Wikipedia
en.wikipedia.org
November 6, 2025 at 11:52 PM
It *mostly* doesn’t, but the corpse of its earlier life as a gendered language is still present. see e.g. en.wikipedia.org/wiki/Gender_...
Reposted by Andrew Gallagher
Another wrinkle is that email challenge/response only works for email userids. While this is by far the most common form of userid it’s not a strict requirement. It may be possible to still tie them to an email address to prevent spamming - but the question is how. 🤯
January 18, 2025 at 6:39 PM
Another wrinkle is that email challenge/response only works for email userids. While this is by far the most common form of userid it’s not a strict requirement. It may be possible to still tie them to an email address to prevent spamming - but the question is how. 🤯
(Aside: if you’re using a random number in a challenge-response protocol you have to store the random number in order to verify the response - in which case you can just use the random number alone as the challenge, no need for hashing the other data)
January 18, 2025 at 6:35 PM
(Aside: if you’re using a random number in a challenge-response protocol you have to store the random number in order to verify the response - in which case you can just use the random number alone as the challenge, no need for hashing the other data)
I think your ideas about email verification are useful. keys.openpgp.org already verifies emails, the real trick has been designing a way of doing this robustly in the sks network, in particular how do you prevent *every* keyserver from trying to email-verify the same key… 😵💫
January 18, 2025 at 6:30 PM
I think your ideas about email verification are useful. keys.openpgp.org already verifies emails, the real trick has been designing a way of doing this robustly in the sks network, in particular how do you prevent *every* keyserver from trying to email-verify the same key… 😵💫
Also, abusive keys can be blocked by adding their fingerprint to a list; there’s no need to revoke them.
January 18, 2025 at 6:27 PM
Also, abusive keys can be blocked by adding their fingerprint to a list; there’s no need to revoke them.
Since hockeypuck 2.2, hard-revoked keys have their userids automatically deleted, as you suggest (this is not yet implemented on keys.openpgp.org).
January 18, 2025 at 6:22 PM
Since hockeypuck 2.2, hard-revoked keys have their userids automatically deleted, as you suggest (this is not yet implemented on keys.openpgp.org).
Re your four responsibilities of a keyserver, we believe both keys.openpgp.org and the sks/hockeypuck network are compliant: image attributes are banned, and legal deletion requests are obeyed (and in the case of sks, forwarded to other operators).
January 18, 2025 at 6:21 PM
Re your four responsibilities of a keyserver, we believe both keys.openpgp.org and the sks/hockeypuck network are compliant: image attributes are banned, and legal deletion requests are obeyed (and in the case of sks, forwarded to other operators).
And secondly, the keyservers will need to place a lot more trust in each other. Will they synchronise the revocation cert or will it be limited to the first server that received it? And similarly, will keyservers have to trust each other to perform the email validation correctly?
January 18, 2025 at 6:16 PM
And secondly, the keyservers will need to place a lot more trust in each other. Will they synchronise the revocation cert or will it be limited to the first server that received it? And similarly, will keyservers have to trust each other to perform the email validation correctly?
Firstly, asking a keyserver to hold your revocation certificate in escrow places a lot of trust in the keyserver. For example, coercing a keyserver to release the revocation certificate is a lot more effective than simply deleting the user’s public key (which as you point out can be re-synced)
January 18, 2025 at 6:10 PM
Firstly, asking a keyserver to hold your revocation certificate in escrow places a lot of trust in the keyserver. For example, coercing a keyserver to release the revocation certificate is a lot more effective than simply deleting the user’s public key (which as you point out can be re-synced)
Hey, I had a chance to properly read through your gist and it’s not a million miles away from our own thinking on the problem. Two comments though… 😇
January 18, 2025 at 6:09 PM
Hey, I had a chance to properly read through your gist and it’s not a million miles away from our own thinking on the problem. Two comments though… 😇
Reposted by Andrew Gallagher
Ireland could be SO amazing if nature was given a chance, as I've witnessed in my own place over the last 15 years.
The multiple benefits for climate, against flooding, for tourism, etc, for ALL our lives, would be beyond imagination.
Let's do this. #Rewilding 🌎
The multiple benefits for climate, against flooding, for tourism, etc, for ALL our lives, would be beyond imagination.
Let's do this. #Rewilding 🌎
December 22, 2024 at 6:24 AM
Ireland could be SO amazing if nature was given a chance, as I've witnessed in my own place over the last 15 years.
The multiple benefits for climate, against flooding, for tourism, etc, for ALL our lives, would be beyond imagination.
Let's do this. #Rewilding 🌎
The multiple benefits for climate, against flooding, for tourism, etc, for ALL our lives, would be beyond imagination.
Let's do this. #Rewilding 🌎