Re: [Sks-devel] Implications of GDPR

[Moritz Wirth]

That does not help because you still Store european data which is still affected by the GDPR.

What about only accepting valid keys and removing all revoked or expired keys from the database? If someone wants to have his data deleted he can revoke his key and the revoked signature is synced over all keyservers which then delete them from their own db - new revoked keys are simply rejected. 

Sent from my iPad

On 3. May 2018, at 13:26, Ari Trachtenberg <address@hidden> wrote:

… or keep sks servers out of Europe.

On May 3, 2018, at 3:35 AM, Gabor Kiss <address@hidden> wrote:

I'm thinking the problem is much simpler than its being made out to be.
For the data to have got in to the SKS system the user must push it
there. Its not like we are gathering the data in the background like FB

Actually anybody can send in your name and e-mail address (with a fake key of course).

or Google, so its the users responsibility control the data and delete
it if needed.

IMHO the current form of key servers won't survive the GDPR.
We have to destroy it then to rebuild from scratch.

My suggestion a key server should accept keys only with a special
ID record:
"This is a public information as written on http://gdpr.example.com"
or so. That is signed by owner. Whose identity is verified by someone else.
So key server is a toy for the strong set only. At least in the first
few years.

Gabor

_______________________________________________
Sks-devel mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/sks-devel

---

Prof. Ari Trachtenberg            ECE, Boston University
address@hidden                    http://people.bu.edu/trachten

_______________________________________________
Sks-devel mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/sks-devel