Keyservers and GDPR

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Wed May 23 23:45:56 CEST 2018


On 05/23/2018 11:04 PM, Christoph Anton Mitterer wrote:
> That would in fact be a good thing... perhaps even with some form of
> challenge response (i.e. the owner must sign something as a response).

Yes and no. It basically changes keyservers into certificate
authorities. And unless they do signature / certification on the
keyblock, this state isn't kept anywhere. But it is basically the PGP
Global Directory.

From a security perspective I'm not impressed by it, and there are
several caveats, in particular related to expecting a domain name to be
in the original owner's control forever. So revocation of a previous
owner wouldn't be recorded. It also excludes any non-email UIDs, e.g.
just a plain name or a pseudonym/handle in other channels (Twitter?).

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"Be a yardstick of quality. Some people aren't used to an environment
where excellence is expected."
(Steve Jobs)
