sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Implications of GDPR

From: brent s.
Subject: Re: [Sks-devel] Implications of GDPR
Date: Thu, 3 May 2018 13:21:57 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 
On 05/03/2018 07:40 AM, Moritz Wirth wrote:
> That does not help because you still Store european data which is still
> affected by the GDPR.
> 
> What about only accepting valid keys and removing all revoked or expired
> keys from the database? If someone wants to have his data deleted he can
> revoke his key and the revoked signature is synced over all keyservers
> which then delete them from their own db - new revoked keys are simply
> rejected. 
> 

how do you determine the "validity" of a key? do you mean in the
technical sense (not expired, revoked, etc.)? because others have
pointed out the issue with that.

or do you mean proving a user owns a key they push? if so, that has its
own problems- sure, you could send an email to the email address
associated with the key and require a reply (such as what
keyserver.pgp.com did - does? haven't used in a while), BUT...

not all keys have addresses associated (and this is the preferred method
for addressing the - admittedly, in my opinion, unfounded but still
commonplace - concern of spammers harvesting email addresses from keys).

-- 
brent saner
https://square-r00t.net/
GPG info: https://square-r00t.net/gpg-info

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]