On 23 May 2018, at 11:07, Patrick Brunschwig <patr...@enigmail.net> wrote:
> There are actually two different types of keyservers, which should be > clearly distinguished. > > 1. the pool of SKS keyservers: as anyone can upload anybody's key, and > as it does not allow to delete keys, it's IMHO by not compatible with GDPR. > > 2. other types of keyservers like the run by Mailvelope (and possibly > others that I don't know of), that verify the keys they receive and > allow to delete keys, are compatible with GDPR, or can be made > compatible easily. I don´t know what Mailvelope uses (as they seem to integrate everything in their webfrontend), but adding a verification procedure when uploading a key (through the email-address of the key) into the SKS keyservers seems to me like long overdue, as it also would solve to an larger extend the problem mentioned by Gabor with fake-keys uploaded in $other persons name. I do roughly recal that such a verification process has been discussed for the SKS keyservers at one of the pgp-summit before, but i wonder what happened to the idea. However, if it that is “good enough” to be compliant with the GDPR i can´t say, but this sounds like a good idea in any case. best, A. _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel