8

Do GPG/PGP keyservers "garbage collect" old keys which have expired, been revoked, or simply haven't been updated in a decade? Or does the server (theoretically) keep every key it has ever seen from the beginning until the end of time?

Is there any other reason keys are removed (such as if spam or abuse was detected)?

unor
  • 1,769
  • 1
  • 19
  • 38
IQAndreas
  • 6,557
  • 8
  • 32
  • 51

1 Answers1

7

Do GPG/PGP keyservers "garbage collect" old keys which have expired, been revoked, or simply haven't been updated in a decade?

A kind of "garbage collection" might theoretically be implemented for some OpenPGP key servers, but currently isn't (at least not for the large pool of synchronizing key servers).

There are several reasons:

  • Sharing information on expired and revoked keys is important, as there still might be somebody out there who hasn't updated the key yet, and does not know of a (new) expiry date or the revocation.
  • Pretty much the same applies to keys not updated. There still might be people that have not received important changes to your key yet.
  • All keyservers trying to replicate the whole web of trust help in regard to deletion attacks. It makes removing keys/users by an attacker much more difficult, and the whole web of trust more robust.
  • Transient trust also relies on keeping old connections, if you remove them, the web of trust would be weakened.
  • Especially regarding the SKS synchronization protocol, which uses set-based reconciliation (in the end, it calculates the difference between the key server's information, which is then exchanged), this would break key server synchronization, or at least make it much more complicated.
  • What happens if anybody just uploads your key again?

Or does the server (theoretically) keep every key it has ever seen from the beginning until the end of time?

Don't ever expect information on key servers to disappear. The whole key server network is built around not losing any key information. Keys and signatures get revoked (or expire), not deleted. If you haven generated a revocation certificate yet, do so. Now. And store an offline printed copy somewhere you definitely won't lose it, it is your last chance to declare a key as unused if you don't have control over it any more.

Is there any other reason keys are removed (such as if spam or abuse was detected)?

Whom to ask deleting the information, where to report abuse? There is no single instance for managing key data.

It is even close to impossible contacting all key server owners (there are hundreds!) and pledge for deleting a key. You'd have to convince all of them to do so; and they're spread all over the world, law inforcement wouldn't be helpful, either.

Jens Erat
  • 23,446
  • 12
  • 72
  • 96