Preserving non-central and privacy with a "permission recording keyserver"
Werner Koch
wk at gnupg.org
Tue Jul 9 21:37:17 CEST 2019
On Tue, 9 Jul 2019 14:13, gnupg-devel at gnupg.org said:
>> === Record deletions
>> If someone requests a deletion (which means this person can prove
>> that it is their personal data), this is also recorded, only by key
>> number, so this can also be synced with other keyservers.
>
> Sure, technically not a big thing.
Right, we have most things already in place. To delete a key the owner
of the key just needs to publish a revocation certificate. The
keyserver validates the revocation and removes everything from the key
but the primary public key and the revocation signature.
We can also make use of the reason-for-revocation flag. For example:

  No reason specified               --> Delete as described.
  Key is superseded                 --> Keep keyblock.
  Key material has been compromised --> Delete as described
  Key is retired and no longer used --> Keep keyblock
In the keep cases the server should be prepared to see another
revocation to delete the key. This is a bit questionable in the "key
compromised" case.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
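
The reason-based handling described in the message above, sketched as an added example; it is not part of the original mail and not code from any keyserver. The `Keyblock` class, `apply_revocation`, the `signature_valid` flag (standing in for cryptographic validation of the revocation) and the string packets are hypothetical, and reading "another revocation" as a later revocation carrying a delete-class reason is an assumption. Reason codes are those of RFC 4880, section 5.2.3.23.

```python
from dataclasses import dataclass, field

# Reason-for-revocation codes from RFC 4880, section 5.2.3.23.
NO_REASON, SUPERSEDED, COMPROMISED, RETIRED = 0x00, 0x01, 0x02, 0x03

# Mapping taken from the message: which reasons strip the keyblock.
DELETE_REASONS = {NO_REASON, COMPROMISED}
KEEP_REASONS = {SUPERSEDED, RETIRED}

@dataclass
class Keyblock:
    """Hypothetical stand-in for a stored keyblock; packets are plain strings."""
    primary_key: str
    user_ids: list = field(default_factory=list)
    subkeys: list = field(default_factory=list)
    other_sigs: list = field(default_factory=list)
    revocations: list = field(default_factory=list)  # reason codes of stored revocations
    deleted: bool = False

def apply_revocation(kb, reason, signature_valid):
    """Apply one key revocation; returns 'rejected', 'ignored', 'kept' or 'deleted'."""
    if not signature_valid:
        return "rejected"      # an unvalidated revocation never changes stored data
    if kb.deleted:
        return "deleted"       # already reduced, nothing left to strip
    if reason in KEEP_REASONS:
        kb.revocations.append(reason)   # keyblock stays, revocation is recorded
        return "kept"
    if reason in DELETE_REASONS:
        # Remove everything but the primary public key and the revocation signature.
        kb.user_ids.clear()
        kb.subkeys.clear()
        kb.other_sigs.clear()
        kb.revocations = [reason]       # assumption: keep the triggering revocation
        kb.deleted = True
        return "deleted"
    return "ignored"           # assumption: unknown reason codes change nothing

def demo():
    # Constructed sample keyblock, not real key material.
    kb = Keyblock("PRIMARY-KEY", ["Alice <alice@example.org>"], ["SUBKEY-1"], ["cert-by-bob"])
    results = [
        apply_revocation(kb, NO_REASON, signature_valid=False),   # bad signature
        apply_revocation(kb, SUPERSEDED, signature_valid=True),   # keep case
        apply_revocation(kb, NO_REASON, signature_valid=True),    # later delete
    ]
    return results, kb
```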