Keyservers and GDPR

deloptes deloptes at
Mon May 27 13:47:19 CEST 2019

Hi all,
sorry for stepping in as I am not working on this topic, but following the
GDPA story for longer time I never read that we could simply prompt and
agree with the terms of  the authority hosting the information of the
public key. The date and signature and probably reference to a version of
the agreement can be added to the key and it won't be much of overhead.
Isn't it more simple? Of course one should take care how the key servers
exchange information in a secure way, but IMO on the surface it is a matter
of an agreement between the person and the authority hosting the
information of the public key. As Tobias Mueller was writing, it is all
about handling personal information with care and not about fines. Of
course all of this should stand in court as well, because there are many
lawyers and companies that make money by legally blackmailing business
entities that down not comply to GDPA.


On Mon, May 27, 2019 at 11:02 AM ilf <ilf at> wrote:

> Tobias Mueller:
> >> So far, I stand by last year's statement:
> >>> tl;dr: Keep calm and keep running keyservers.
> > Are you standing by your statement because you believe that processing
> > that data is lawful or because you don't fear the consequences of a
> > potentially unlawful processing of data?
> I stand by my statement because of the reasons I explained last year.
> --
> ilf
> If you upload your address book to "the cloud", I don't want to be in it.
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Gnupg-devel mailing list