Keyservers and GDPR

Dirk Gottschalk dirk.gottschalk1980 at googlemail.com
Wed May 23 15:31:58 CEST 2018


Hi.

Am Mittwoch, den 23.05.2018, 13:16 +0200 schrieb Christoph Anton
Mitterer:
> On Wed, 2018-05-23 at 12:12 +0200, Niels Dettenbach via Gnupg-devel
> wrote:
> > If it makes any sense to build a feature allow to mark "public"
> > keys
> > as "non 
> > public" this would be a technical question.

> But that has the same problem as deleting keys...

> It mustn't be done for security reasons, as otherwise attackers could
> remove any revocations from the keyservers.

Well, that's true. the only option would be to allow only the key owner
to upload or delete his key and allow other users only to attach new
signatures or something like this. Revocation should also only be
possible by the owner or a permitted revoker.

But this would cause massive protocol changes and this would take it's
time.

On the other hand, I don't see any Problems with GDPR at all. I don't
think that they even thought about such cases. The most protocols would
be no longer legal after it takes place. ^^

GDPR is, just IMHO, an epic Fail and does not address reality. It is
usable for Websites, but nothing else. There woud have to be so much
exceptions for every protocol, that the list of exceptions would be
loinger than the GDPR itself. ^^

Regards,
Dirk


-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen
Tel.: +49 1573 1152350
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180523/7d1038d8/attachment.sig>


More information about the Gnupg-devel mailing list