[Autocrypt] [openpgp-email] Keyservers and GDPR
muelli at cryptobitch.de
Wed Nov 7 18:07:48 CET 2018
On Wed, 2018-11-07 at 10:13 +0100, Werner Koch wrote:
> This requires that there are no rogue keyservers in the network and
> in turn means that they are under the control of a single entity.
It depends on your use case, but you might be happy enough if you have a
proof of who introduced the malicious data.
That said, you might as well establish a network adhering to certain
rules run by people who are trusted enough by its users. That may not
necessarily be Google, but the EFF, the CCC, or the DPAs of the EU
More information about the Gnupg-devel