recommendation for key servers

Werner Koch wk at gnupg.org
Sun Jun 27 13:04:59 CEST 2021


On Sat, 26 Jun 2021 19:31, Vincent Breitmoser said:

> This phrasing understates the contention that exists around this point.

I can only repeat that stripping the User-ID from a key is Bad Thing and
more of a willfully created tombstone for OpenPGP.  The pleaded GDPR
issue is artificial and entirely ignores the fact that the key or its
fingerprint is as well personal data (“any information which [is]
related to an identified or identifiable natural person”) and thus
subject to the GDPR rules.

But that is all no problem if the user consented to store the data on a
public server (for example by means of a warning dialog).  There are
other exceptions as well, for example the legal requirement to protect
the communication can be be viewed as an exception for an explicit
consent.  This is why some mail providers only allow the mail address as
user ID in a key because that is the only technically required part of
the user id (see the long standing German principle of
Datensparsamkeit).


Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20210627/430601fb/attachment.sig>


More information about the Gnupg-devel mailing list