Preventing public key upload to key-servers

Klaus Ethgen klaus+gnupg at ethgen.ch
Tue Feb 1 17:57:42 CET 2022


Am Mo den 31. Jan 2022 um 22:39 schrieb jonkomer via Gnupg-users:
> But the reason for my original post was not to find
> better ways of communication mechanics while the
> relationship exists, it was specific and quite narrow:
> how can both sides do all they reasonably can in order
> to avoid making it public knowledge that the
> relationship existed *after it has been dissolved*.
> 
> There is significant difference between a one-time
> "third-party" correspondent misusing his knowledge of
> the relationship after it has been dissolved, from
> that same knowledge being published in perpetuity via
> a simple, automated Internet query. Specifically,
> the question was if there is any mitigation against
> the action of an uninformed (or, perhaps by a stretch,
> malicious?) correspondent adding signatures and
> uploading the key to the network of synchronizing
> pubkey servers. Well, there is none.

Well, there is no technology that can ever prevent that human
error/fault.

What you want is simply not possible. Even if there is technology to
prevent the upload to a key server, someone could just publish your key
via twitter, or put it into bitcoin keychain or via any other way you
might imagine.

And even if he is not in possession of the original key, he can create a
own key (setting date to somewhen in the past) with you mail address and
publish it. Or what does prevent others to create a facebook account in
your name? You would have pretty much trouble to get that facebook
account removed again.

The problem, you described, is a human problem, not a technical one.
GDPR cannot prevent leaks. And when it is leaked, there is no law that
could remove the data again. You can remove it from one platform but the
ghost is out of the bottle. GDPR is, as I already told, just a nearly
lame duck that just ignores how technology and internet works. 

Regards
   Klaus
-- 
Klaus Ethgen                                       http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16            Klaus Ethgen <Klaus at Ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 688 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220201/90651f6c/attachment-0001.sig>


More information about the Gnupg-users mailing list