[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] [openpgp-email] Keyservers and GDPR

From: Andy Mueller-Maguhn
Subject: Re: [Sks-devel] [openpgp-email] Keyservers and GDPR
Date: Tue, 6 Nov 2018 17:27:14 +0100

On 23 May 2018, at 11:07, Patrick Brunschwig <address@hidden> wrote:

> There are actually two different types of keyservers, which should be
> clearly distinguished.
> 1. the pool of SKS keyservers: as anyone can upload anybody's key, and
> as it does not allow to delete keys, it's IMHO by not compatible with GDPR.
> 2. other types of keyservers like the run by Mailvelope (and possibly
> others that I don't know of), that verify the keys they receive and
> allow to delete keys, are compatible with GDPR, or can be made
> compatible easily.

I don´t know what Mailvelope uses (as they seem to integrate everything
in their webfrontend), but adding a verification procedure when uploading
a key (through the email-address of the key) into the SKS keyservers 
seems to me like long overdue, as it also would solve to an larger extend
the problem mentioned by Gabor with fake-keys uploaded in $other persons

I do roughly recal that such a verification process has been discussed for
the SKS keyservers at one of the pgp-summit before, but i wonder what
happened to the idea. However, if it that is “good enough” to be compliant
with the GDPR i can´t say, but this sounds like a good idea in any case.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]