[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] [openpgp-email] Keyservers and GDPR
|
From: |
Andy Mueller-Maguhn |
|
Subject: |
Re: [Sks-devel] [openpgp-email] Keyservers and GDPR |
|
Date: |
Tue, 6 Nov 2018 17:27:14 +0100 |
On 23 May 2018, at 11:07, Patrick Brunschwig <address@hidden> wrote:
> There are actually two different types of keyservers, which should be
> clearly distinguished.
>
> 1. the pool of SKS keyservers: as anyone can upload anybody's key, and
> as it does not allow to delete keys, it's IMHO by not compatible with GDPR.
>
> 2. other types of keyservers like the run by Mailvelope (and possibly
> others that I don't know of), that verify the keys they receive and
> allow to delete keys, are compatible with GDPR, or can be made
> compatible easily.
I don´t know what Mailvelope uses (as they seem to integrate everything
in their webfrontend), but adding a verification procedure when uploading
a key (through the email-address of the key) into the SKS keyservers
seems to me like long overdue, as it also would solve to an larger extend
the problem mentioned by Gabor with fake-keys uploaded in $other persons
name.
I do roughly recal that such a verification process has been discussed for
the SKS keyservers at one of the pgp-summit before, but i wonder what
happened to the idea. However, if it that is “good enough” to be compliant
with the GDPR i can´t say, but this sounds like a good idea in any case.
best,
A.
- Re: [Sks-devel] [openpgp-email] Keyservers and GDPR,
Andy Mueller-Maguhn <=