I'm thinking the problem is much simpler than its being made out to be.
For the data to have got in to the SKS system the user must push it
there. Its not like we are gathering the data in the background like FB
Actually anybody can send in your name and e-mail address (with a fake key
of course).
or Google, so its the users responsibility control the data and delete
it if needed.
IMHO the current form of key servers won't survive the GDPR.
We have to destroy it then to rebuild from scratch.
My suggestion a key server should accept keys only with a special
ID record:
"This is a public information as written on
http://gdpr.example.com"
or so. That is signed by owner. Whose identity is verified by someone else.
So key server is a toy for the strong set only. At least in the first
few years.
Gabor
_______________________________________________
Sks-devel mailing list
address@hiddenhttps://lists.nongnu.org/mailman/listinfo/sks-devel
signature.asc