Preventing public key upload to key-servers

jonkomer jonkomer at yandex.com
Mon Jan 31 22:39:18 CET 2022


> This sounds like a perfect use case for WKD....
You are correct.

But the reason for my original post was not to find
better ways of communication mechanics while the
relationship exists, it was specific and quite narrow:
how can both sides do all they reasonably can in order
to avoid making it public knowledge that the
relationship existed *after it has been dissolved*.

There is significant difference between a one-time
"third-party" correspondent misusing his knowledge of
the relationship after it has been dissolved, from
that same knowledge being published in perpetuity via
a simple, automated Internet query. Specifically,
the question was if there is any mitigation against
the action of an uninformed (or, perhaps by a stretch,
malicious?) correspondent adding signatures and
uploading the key to the network of synchronizing
pubkey servers. Well, there is none.

> Europe is (in my experience) over-represented in the
> OpenPGP development community

Then I stand corrected. (My impression was based only
on the "US pop-culture coloured" and clearly emotional
response to the mere mention of GDPR).

Jon K.






More information about the Gnupg-users mailing list