Preventing public key upload to key-servers
Vincent Pelletier
plr.vincent at gmail.com
Sun Jan 30 03:36:59 CET 2022
On Fri, 28 Jan 2022 13:02:03 -0700, jonkomer via Gnupg-users <gnupg-users at gnupg.org> wrote:
> After the user removal the domain owner is ipso facto
> GDPR compliant. However, he would prefer that a naive user
> (rightly or not) does not consider him unresponsive, and both
> sides have some interest in preventing any Internet server
> from keeping an active and publicly exposed user's name
> and (now defunct) e-mail-address, thus indiscriminately
> advertising forever the fact that John Doe was at some point
> in time a member of Example.org.
How many signatures are expected to be on such key ?
If there are none (or maybe very few, especially if none links to
example.org administration), then would it be reasonable to argue that
this key can have been forged and the association with that domain is
an unverifiable claim ? I have no idea how it would legally fly, and
there is certainly a question of scale (enough individually
unverifiable but globally concordant claims become a globally convincing
picture).
Unrelated note: I find the rhetoric of a few posts in this thread
absolutely astounding. From a crypto question to red scare and "my army
is going to kick your country's ass if it dares talk to me" in two easy
steps ? This is vile.
--
Vincent Pelletier
GPG fingerprint 983A E8B7 3B91 1598 7A92 3845 CAC9 3691 4257 B0C1
More information about the Gnupg-users
mailing list