Editing Key server (cryptographic) (section)

== Problems with keyservers ==

=== Lack of retraction mechanism ===

The OpenPGP keyservers since their development in 1990s suffered from a few problems. Once a public key has been uploaded, it was purposefully made difficult to remove it as servers auto-synchronize between each other (it was done in order to fight government censorship). Some users stop using their public keys for various reasons, such as when they forget their pass phrase, or if their private key is compromised or lost. In those cases, it was hard to delete a public key from the server, and even if it were deleted, someone else can upload a fresh copy of the same public key to the server. This leads to an accumulation of old fossil public keys that never go away, a form of "keyserver plaque".

The lack of a retraction mechanism also breached the European [[General Data Protection Regulation]], which was cited as a reason for the closure of the SKS pool.<ref name=sks-archive/> Modern PGP keyservers allow deletion of keys. Because only the owner of a key's e-mail address can upload a key (see next section) in such servers, the key stays deleted unless the owner decides otherwise.

=== Lack of ownership check ===
The keyserver also had no way to check to see if the key was legitimate (belong to true owner). As consequence anyone can upload a bogus public key to the keyserver, bearing the name of a person who in fact does not own that key, or even worse, use it as vulnerability: the Certificate Spamming Attack.<ref name=sks-attack>{{Cite web|title=SKS Keyserver Network Under Attack|url=https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f|access-date=2020-09-17|website=Gist|language=en}}</ref><ref name="Gillmor"/>{{rp|at=&sect;2.2}}

Modern keyservers, starting with the PGP Global Directory, now use the e-mail address for confirmation. This keyserver sent an email confirmation request to the putative key owner, asking that person to confirm that the key in question is theirs. If they confirm it, the PGP Global Directory accepts the key.  The confirmation can be renewed periodically, to prevent the accumulation of keyserver plaque. The result is a higher quality collection of public keys, and each key has been vetted by email with the key's apparent owner. But as consequence, another problem arise: because PGP Global Directory allows key account maintenance and verifies only by email, not cryptographically, anybody having access to the email account could for example delete a key and upload a bogus one.

The last Internet Engineering Task Force draft for HKP also defines a distributed key server network, based on DNS [[SRV record]]s: to find the key of ''someone@example.com'', one can ask it by requesting ''example.com''<nowiki/>'s key server.

=== Leakage of personal relationships ===

For many individuals, the purpose of using cryptography is to obtain a higher
level of [[privacy]] in personal interactions and relationships. It has been pointed
out that allowing a public key to be uploaded in a key server when using
decentralized web of trust based cryptographic systems, like PGP, may reveal a
good deal of information that an individual may wish to have kept private. Since
PGP relies on signatures on an individual's public key to determine the
authenticity of that key, potential relationships can be revealed by analyzing
the signers of a given key. In this way, models of entire social networks can be
developed. (Mike Perry's 2013 criticism of the Web of Trust mentions the issue
as already been "discussed at length".)<ref>{{cite web |last1=Perry |first1=Mike |title=[tor-talk] Why the Web of Trust Sucks |url=https://lists.torproject.org/pipermail/tor-talk/2013-September/030235.html |date=Sep 29, 2013}}</ref>

A number of modern key servers remove third-party signatures from the uploaded
key. Doing so removes all personal connections into the Web of Trust, thus preventing
any leakage from happening. The main goal, however, was to minimize the storage space
required, as "signature spamming" can easily add megabytes to a key.<ref>{{cite web |title=keys.openpgp.org FAQ |url=https://keys.openpgp.org/about/faq |website=keys.openpgp.org}}</ref><ref name="Gillmor">{{cite web |last1=Gillmor |first1=Daniel Kahn |title=Abuse-Resistant OpenPGP Keystores [draft-dkg-openpgp-abuse-resistant-keystore-06] |url=https://www.ietf.org/archive/id/draft-dkg-openpgp-abuse-resistant-keystore-06.html |publisher=Internet Engineering Task Force |date=18 August 2023}}</ref>{{rp|at=&sect;2.1}}