OpenPGP key verification + legal framework

Viktor ageyev at gmail.com
Mon Nov 5 17:56:50 CET 2018


On 05/11/2018 18:01, Wiktor Kwapisiewicz wrote:
> user personal data provided for key verification stored for forever
> and can not be deleted or removed by user's request.

Yes, that's the point.
If my counterparty had signed some contract or document, he/she should 
not be able to delete his/her public key certificate and data used for 
its verification.
So in case of dispute I can prove that he/she really signed the document.
This is exactly the part that is difficult to ensure, especially given 
the new European legislation (GDPR). We needed to develop a 
justification for this. We had registered by U.K. Information 
Commissioner's Office (https://ico.org.uk) , hired certified Data 
Protection Officer etc.

> Maybe it would also be a good idea to provide a list of locations of
> Notaries before registration. I'd like to see if there is one nearby, if
> not, there is not much benefit for me to register (at least now).

For now we have connected notaries only in Tel Aviv and Kyiv.

The main verification method is online verification, and we have already 
users with verified keys from 34 countries.


Best regards,
Viktor Ageyev
CEO/CTO, Cryptonomica.net



More information about the Gnupg-users mailing list