by Deadsunrise 2483 days ago
The message has to be signed with the private key of the key so no one but the real owner can delete it. In fact, in the readme:

> If a user can prove that a key belongs to them (by signing a message with their private key) then they are able to remove their public key with no interaction needed from the server operator. Once a key is removed, it is removed from all servers in the pool.

This is a pretty fucking awesome idea.

3 comments

To prove that you have the private key, they should send you a challenge message and make you send back that message with a signature. If you can send any signed message, anyone who has ever received a signed message from a person can upload it and revoke that person's key.

> If you can send any signed message

Reading the code, it does indeed allow any signed message: https://github.com/tdjsnelling/dat-keyserver/blob/12fa3e8389...

The attack that I believe fwip is concerned about is:

Alice sends an email to Bob and clearsigns the message. Bob, or anyone else who intercepts the email, is now able to paste that message into the form and remove Alice's key from the keyserver.

This could be mitigated by requiring it to be a specific message.
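
A sketch of the mitigation discussed above (a server-issued challenge instead of any signed message), added here as an example; it is not part of the thread and not code from dat-keyserver. It uses Node's built-in Ed25519 signatures as a stand-in for OpenPGP, and the function names, the `keyserver-remove:` message format and the fingerprint value are assumptions.

```javascript
const crypto = require('node:crypto');

// Stand-in for a user's OpenPGP key: an Ed25519 pair (assumption for this sketch).
const alice = crypto.generateKeyPairSync('ed25519');
const fingerprint = 'ALICE-KEY-FPR'; // constructed placeholder, not a real fingerprint
const pending = new Map(); // nonce -> { fpr, expires }

// Step 1: the server issues an expiring challenge that names the action and the key.
function issueChallenge(fpr, now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString('hex');
  pending.set(nonce, { fpr, expires: now + 5 * 60 * 1000 });
  return `keyserver-remove:${fpr}:${nonce}`;
}

// Step 2: removal is accepted only for a signature over a challenge this server issued.
function verifyRemoval(fpr, publicKey, message, signature, now = Date.now()) {
  const [tag, msgFpr, nonce] = message.split(':');
  if (tag !== 'keyserver-remove' || msgFpr !== fpr) return 'not a removal challenge for this key';
  const entry = pending.get(nonce);
  if (!entry || entry.fpr !== fpr) return 'unknown or already used challenge';
  if (now > entry.expires) { pending.delete(nonce); return 'challenge expired'; }
  if (!crypto.verify(null, Buffer.from(message), publicKey, signature)) return 'bad signature';
  pending.delete(nonce); // single use: a captured response cannot be replayed
  return 'removed';
}

function demo() {
  const sign = (text) => crypto.sign(null, Buffer.from(text), alice.privateKey);
  // Constructed sample: an ordinary signed email that any recipient could resubmit.
  const email = 'Hi Bob, lunch on Friday?';
  const replay = verifyRemoval(fingerprint, alice.publicKey, email, sign(email));
  // The real owner signs the server's challenge; the same response is then refused.
  const challenge = issueChallenge(fingerprint);
  const sig = sign(challenge);
  const first = verifyRemoval(fingerprint, alice.publicKey, challenge, sig);
  const second = verifyRemoval(fingerprint, alice.publicKey, challenge, sig);
  return { replay, first, second };
}

console.log(demo());
```
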

GnuPG generates a revocation certificate when you're creating a new key; import that and it requires no interaction from you or the keyserver operator. And it works even if you've forgotten the passphrase of your GPG key. Obviously you don't want to put that file anywhere public, and if it gets compromised you can just publish the file to the keyservers yourself and generate a new key.