Preventing public key upload to key-servers

Ángel angel at pgp.16bits.net
Sun Jan 30 02:08:08 CET 2022


(changing back the thread subject)

On 2022-01-29 at 09:38 -0700, jonkomer wrote:
> I was the one to suggest to them to use e-mail and OpenPGP
> encryption. The reasons were two-fold: first to avoid one of
> those centralized, web-browser based, single-point-of-failure,
> essentially insecure communication setups so common today;
> the second was to make their members' communication
> interoperable with the general Internet population in order
> to increase the organization's visibility and promote wider
> adoption of encrypted e-mail. I posted my original question
> only in order to find out some technical details on how to
> do that.
> 
> Posting the question was worthwhile, as I have learned
> that:
> 
> (a) Unfortunately, OpenPGP email encryption is incompatible
> with GDPR and should not be used by those that either want
> or need to be GDPR compliant.

That's a non sequitur from the thread. Your GDPR issue is with
people uploading keys to the PGP keyservers without consent, not
with OpenPGP (which doesn't need keyservers, nor even specifies the
use of keyservers, although they are related technology).

Think about it: if you sent me a physical letter full of personal
information, and I then published it in a newspaper with no legitimate
basis to do so, in violation of GDPR, would that make snail mail
incompatible with GDPR?


Regarding your problem, I would suggest not including the first/last
name in the key, only the email address. (Yes, the name part is
optional.)

So instead of
 John Smith <john.doe at example.org>

it would simply be
 <john.doe at example.org>


The name part is inherently unreliable, since one cannot know whether
the owner is *the* John Smith you want to write to (assuming the user
is actually named John Smith!). On the other hand, the key can be
easily matched against the provided email address.

Of course, a member wanting to correspond with John Smith needs to find
out that their email is john.doe at example.org, but that was likely
already the case before, and it is something which is probably solved
through that "internal verification mechanism" (which I'm a bit wary
about; I would recommend that the keys be provided signed by the domain
owner, so members would only need to trust (sign) that key to know that
they have a valid example.org pgp key. They could be published through
WKD. This doesn't preclude access to the keys requiring
authentication).

A second issue with having the users rely on (and the owner needing to
assert) the name displayed on the key would have been what to do when
a second John Smith wanted to become a member.



Best regards



PS: I guess by the "emotional reactions" you mean Robert J. Hansen's
mails, since replies by other people seem much more technical in
nature. You shouldn't generalize from one person to "all creators and
maintainers". In fact, I think (but have not checked) that most of the
GnuPG code will have been written inside the EU. There are lots of
OpenPGP users inside the EU, under GDPR, including government entities
(as Robert J Hansen noted).
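[Editor's added example, not part of Ángel's message or of GnuPG.] The message suggests email-only user IDs and publishing the organization's keys through WKD. A WKD client does not search by name at all: it derives a lookup URL from the address alone, which is why the name part of the UID buys nothing for discovery. The script below computes those URLs the way draft-koch-openpgp-webkey-service specifies (SHA-1 of the lowercased local part, z-base-32 encoded, placed under .well-known/openpgpkey). The address john.doe@example.org is the message's own placeholder; Joe.Doe@Example.ORG is the draft's worked example.

```python
# Added example (not from the original message or from GnuPG): derive the
# Web Key Directory (WKD) lookup URLs for an e-mail address, following
# draft-koch-openpgp-webkey-service. The file name is the SHA-1 digest of the
# lowercased local part, encoded in z-base-32 (32 characters for 160 bits).
import hashlib

# z-base-32 alphabet, as used by GnuPG for WKD hashes.
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32: 5-bit groups, most significant bit first, no padding chars."""
    bits = "".join(f"{b:08b}" for b in data)
    if len(bits) % 5:  # a SHA-1 digest is 160 bits, so this never triggers for WKD
        bits += "0" * (5 - len(bits) % 5)
    return "".join(ZBASE32_ALPHABET[int(bits[i:i + 5], 2)]
                   for i in range(0, len(bits), 5))


def wkd_hash(local_part: str) -> str:
    """WKD hashes the local part case-insensitively: lowercase it, then SHA-1."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32_encode(digest)


def wkd_urls(email: str) -> dict:
    """Return the advanced-method and direct-method URLs for an address.

    The domain is lowercased in the path. The l= query parameter carries the
    local part as written, so the server can match the mailbox exactly.
    """
    local_part, domain = email.rsplit("@", 1)
    domain = domain.lower()
    h = wkd_hash(local_part)
    return {
        "hash": h,
        "advanced": (f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
                     f"{domain}/hu/{h}?l={local_part}"),
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{h}?l={local_part}",
    }


if __name__ == "__main__":
    # Constructed inputs: the message's placeholder address and the draft's example.
    for uid in ("john.doe@example.org", "Joe.Doe@Example.ORG"):
        info = wkd_urls(uid)
        print(f"{uid}: hash {info['hash']}")
        print(f"  advanced: {info['advanced']}")
        print(f"  direct:   {info['direct']}")
```

A client tries the advanced method first and falls back to the direct method; whichever the organization serves, the key file at that path must be the binary (not ASCII-armored) key, and serving it over HTTPS from the organization's own domain is what gives members the domain-owner assurance the message asks for, independently of any name in the UID. Because the local part is lowercased before hashing, John.Doe and john.doe land on the same file, so an organization should not rely on case to distinguish mailboxes. gpg can print the same hash for a locally held key with `gpg --with-wkd-hash -k`, which is a convenient cross-check when populating the directory.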




