A key doesn't get imported from one of the keyservers

Werner Koch wk at gnupg.org
Wed Aug 4 10:35:28 CEST 2021

On Tue,  3 Aug 2021 11:19, Vincent Breitmoser said:

> Unlike the other keyservers, keys.openpgp.org has a [privacy policy] that
> doesn't permit distributing email addresses without consent. The key

It is not a privacy policy but a serious misconception much like what
keyserver.com and PGP Universal Server did a long time ago.

The OpenPGP spec requires a User ID for the on-wire format of a public
key.  Any implementation which violates this rule is not OpenPGP

The privacy argument on the a user id is layman's idea of the GDPR.  In
fact the key itself is not different than an IP address or mail address
and in fact more stronger personal data or a natural person than the

Note that out of reasons of data minimization I would suggest to create
new keys only with a mail address and not with any other data.  For
example posteo.de has such a rule for keys used on their platform;
gpg-wks-client even has direct support for such a requirement.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20210804/2ff22f72/attachment.sig>

More information about the Gnupg-users mailing list