[Autocrypt] [openpgp-email] Keyservers and GDPR

Tobias Mueller muelli at cryptobitch.de
Wed Nov 7 18:07:48 CET 2018


On Wed, 2018-11-07 at 10:13 +0100, Werner Koch wrote:
> This requires that there are no rogue keyservers in the network and
> that
> in turn means that they are under the control of a single entity.
It depends on your use case, but you might be happy enough if you have a
proof of who introduced the malicious data.

That said, you might as well establish a network adhering to certain
rules run by people who are trusted enough by its users. That may not
necessarily be Google, but the EFF, the CCC, or the DPAs of the EU
member states.


More information about the Gnupg-devel mailing list