A key doesn't get imported from one of the keyservers

john doe johndoe65534 at mail.com
Wed Aug 4 12:32:38 CEST 2021


On 8/4/2021 10:35 AM, Werner Koch via Gnupg-users wrote:
> On Tue,  3 Aug 2021 11:19, Vincent Breitmoser said:
>
>> Unlike the other keyservers, keys.openpgp.org has a [privacy policy] that
>> doesn't permit distributing email addresses without consent. The key
>
> It is not a privacy policy but a serious misconception much like what
> keyserver.com and PGP Universal Server did a long time ago.
>
> The OpenPGP spec requires a User ID for the on-wire format of a public
> key.  Any implementation which violates this rule is not OpenPGP
> compliant.
>
> The privacy argument on the a user id is layman's idea of the GDPR.  In
> fact the key itself is not different than an IP address or mail address
> and in fact more stronger personal data or a natural person than the
> latter.
>
> Note that out of reasons of data minimization I would suggest to create
> new keys only with a mail address and not with any other data.  For
> example posteo.de has such a rule for keys used on their platform;

If I understand correctly, the 'real name' and 'comment' should be left out.

1)  https://posteo.de/en/help/policies-for-public-keys#names

--
John Doe



More information about the Gnupg-users mailing list