First Amendment and Marines?

Ingo Klöcker kloecker at kde.org
Sat Jan 29 23:19:47 CET 2022 

On Samstag, 29. Januar 2022 17:38:24 CET jonkomer via Gnupg-users wrote:
> Posting the question was worthwhile, as I have learned
> that:
> 
> (a) Unfortunately, OpenPG email encryption is incompatible
> with GDPR and should not be used by those that either want
> or need to be GDPR compliant.

I disagree with this conclusion. For example, you could use OpenPGP keys with 
pseudonymous user ids or even with identical user ids. Obviously, this would 
make using OpenPGP more difficult because the email clients couldn't easily 
map OpenPGP keys to email addresses. OTOH, some email clients actually support 
mapping of OpenPGP keys to contacts. Maybe even the company's internal address 
book could be used for this. This way uploading those OpenPGP keys to 
keyservers wouldn't leak email addresses. Arguably, the OpenPGP keys 
themselves could still be considered as person identifiable information. In 
this case, you might want to use symmetric encryption (which OpenPGP also 
supports). But that makes using encryption even more difficult because now you 
have to share the passwords used for symmetric encryption and, at the same 
time, make sure that those passwords are kept secret.

> (b) GDPR appears to be a topic that, for some strange reason,
> elicits emotional reactions by the OpenPG creators and
> maintainers.

I don't know who you mean by "the OpenPGP creators and maintainers". Neither 
Phil Zimmermann, the original author of PGP, nor Werner Koch, the original 
author and maintainer of GnuPG, have participated in this thread. OTOH, some 
people who have replied to you are also on the mailing list where the future 
of the OpenPGP standard is discussed.

> (c) GPG and OpenPG appear to be very much US-centric
> endevours. That fact ought to be taken into account by the
> new users.

I find it ironic that you are accusing GnuPG of being a US-centric endeavor. 
You really need to do some more research before jumping to such absurd 
conclusions.

Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220129/39a4b72c/attachment-0001.sig>

More information about the Gnupg-users mailing list