Preserving non-central and privacy with a "permission recording keyserver"
Bernhard Reiter
bernhard at intevation.de
Wed Jul 10 13:51:54 CEST 2019
Am Mittwoch 10 Juli 2019 11:01:09 schrieb Andrew Gallagher:
> On 10/07/2019 08:15, Bernhard Reiter wrote:
> > Once a pubkey is found to distribute personal data of A which A does not
> > like, the full pubkey is not distributed anymore.
>
> A validating, non-synchronising keyserver can perform this function in
> the same way that any other website can, by simply deleting the data on
> (reasonable) request.
Yes, but I want to build a synchronising keyserver network. ;)
This is why the keyserver receiving the explicit non-permission must put this
in their list and share it with others, so the pubkey does not get
distributed by any (reasonable) keyserver anymore.
Once we know a pubkey is rouge, it shall not be distributed anymore, because
it means the key owner does not respect somebody's personal data preferences.
If this is by mistake, a new key can be generated using a different uid which
is improved in this regard.
Best,
Bernhard
--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20190710/7c7dc882/attachment.sig>
More information about the Gnupg-devel
mailing list