Preventing public key upload to key-servers

Andrew Gallagher andrewg at
Mon Jan 31 18:51:44 CET 2022

On 28/01/2022 20:02, jonkomer via Gnupg-users wrote:
>> A. G. via <gnupg-users at>:
>> The short answer is "no", or at best "not yet"...
> Thank you very much for the response and comprehensive
> comments.
> In this case, the mail domain owner is actually the one
> that needs this level of control: he insists on the ability
> to positively respond to individual e-mail users' GDPR
> "forget me" requests.
> Domain owner intends to operate a "members only" public key
> dissemination and fingerprint verification mechanism. When
> the user is removed from the "membership", (either by the
> domain owner action or by his or her own request), the mail
> address (and any/all other personal data) is  deleted and
> promptly removed from the publicly exposed Internet domain
> presence.

This sounds like a perfect use case for WKD. It is under the full
control of the domain owner (the data controller), and RTBF does not
arise. Publication of the key is necessary to provide the service, and
the data controller deletes personal data immediately on cessation of
that service.
> After the user removal the domain owner is ipso facto
> GDPR compliant. However, he would prefer that a naive user
> (rightly or not) does not consider him unresponsive, and both
> sides

Both sides?

> have some interest in preventing any Internet server
> from keeping an active and publicly exposed user's name
> and (now defunct) e-mail-address, thus indiscriminately
> advertising forever the fact that John Doe was at some point
> in time a member of

This is not an OpenPGP-specific concern - anyone with John Doe's name
and email in their address book can potentially "leak" the fact that JD
was once associated with, even if he never creates a public
key. These are presumably the same people that he is corresponding with
using OpenPGP.

GDPR actively helps you here, by ensuring that if you are corresponding
with a company that does business in the EU, they must have internal
processes to minimise such leaks.

Otherwise, you are at the mercy of your correspondents, GDPR or not.
What is to stop them posting JD's contact details on Twitter, for
example? Or synchronising their address books with a badly-run cloud

> How do individual key-server owner/operators react to
> formal GDPR "forget me" requests; either by e-mail users, or
> by mail domain owners? Any known legal precedents?

The mail domain owner cannot make an RTBF request on behalf of a user;
GDPR applies to personal data, and the domain owner is not the data owner.

Hockeypuck server operators can add the fingerprint of the offending key
to their block list. SKS operators have to recompile, but in theory can
also comply.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-users mailing list