Hi, On Fri, 2019-08-16 at 19:28 -0400, brent s. wrote: > SO for starters, please keep this off the "pool is shrinking" thread. > I'd like to see that thread relevant to resolving resiliency issues of > the SKS network, given that's the actual purpose behind starting that > thread. GDPR is off-topic to that thread and, quite frankly, it's > getting *extremely* annoying seeing GDPR bickering in a thread I'm > trying to follow for technical solutions to an actual technical > problem. I understand you and I think many of us are in the same boat. Yet, let me quickly refute a statement of yours before it becomes folklore.
> Take special notice of Article 89[3]. > > This means not only are keydumps allowed for research (§2), but the > SKS in general (ESPECIALLY US servers and operators, which I'll get to > in a moment) is exempt - we provide "...archiving purposes in the > public interest" (§3). Frankly put, we make GPG *work*. GPG is a > *very* valuable public tool - zero-trust-model public cryptography is > impossible without the Web-of-Trust. Ergo, exempt. It's that simple. No. And no, it's not. You are reading this wrongly. §89 says that member states *can* enact laws which exempt controllers from their duties with respect to erasure or correction *iff* the legitimate ground is the public interest (which itself is highly questionable). You don't gain anything from this §89 GDPR if member states do not create a law. And even then you wouldn't be fully exempt (as you suggest), but rather have an easier life as a controller. If we require member states to enact laws, then we're better off pursuing laws based on §85 GDPR, but that'd go too far for this discussion here. I'm happy to have this elsewhere. Cheers, Tobi _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
