A key doesn't get imported from one of the keyservers
Werner Koch
wk at gnupg.org
Wed Aug 4 10:35:28 CEST 2021
On Tue, 3 Aug 2021 11:19, Vincent Breitmoser said:
> Unlike the other keyservers, keys.openpgp.org has a [privacy policy] that
> doesn't permit distributing email addresses without consent. The key
It is not a privacy policy but a serious misconception much like what
keyserver.com and PGP Universal Server did a long time ago.
The OpenPGP spec requires a User ID for the on-wire format of a public
key. Any implementation which violates this rule is not OpenPGP
compliant.
The privacy argument on the a user id is layman's idea of the GDPR. In
fact the key itself is not different than an IP address or mail address
and in fact more stronger personal data or a natural person than the
latter.
Note that out of reasons of data minimization I would suggest to create
new keys only with a mail address and not with any other data. For
example posteo.de has such a rule for keys used on their platform;
gpg-wks-client even has direct support for such a requirement.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210804/2ff22f72/attachment.sig>
More information about the Gnupg-users
mailing list