OpenPGP key verification + legal framework
ageyev at gmail.com
Mon Nov 5 17:56:50 CET 2018
On 05/11/2018 18:01, Wiktor Kwapisiewicz wrote:
> user personal data provided for key verification stored for forever
> and can not be deleted or removed by user's request.
Yes, that's the point.
If my counterparty had signed some contract or document, he/she should
not be able to delete his/her public key certificate and data used for
So in case of dispute I can prove that he/she really signed the document.
This is exactly the part that is difficult to ensure, especially given
the new European legislation (GDPR). We needed to develop a
justification for this. We had registered by U.K. Information
Commissioner's Office (https://ico.org.uk) , hired certified Data
Protection Officer etc.
> Maybe it would also be a good idea to provide a list of locations of
> Notaries before registration. I'd like to see if there is one nearby, if
> not, there is not much benefit for me to register (at least now).
For now we have connected notaries only in Tel Aviv and Kyiv.
The main verification method is online verification, and we have already
users with verified keys from 34 countries.
More information about the Gnupg-users