On mar, jun 14 2022, Gabor Kiss wrote: > On Tue, 14 Jun 2022, Klaus-Uwe (Kumi) Mitterer wrote: > >> Just my personal legal opinion, but I don't think that they are required to >> actually control those keys, only to demonstrate that they are the person >> whose personal data is included the keys' user IDs. > > Google gives several hits for "Luis Puerto". This seems to be a > quite common name (just like mine :). > How to figure out if a given record contains name of the > "real" Puerto and not an other's? > > What if I get crazy and I want all "Gabor Kiss" records to be deleted? > Do you simply believe without any proof that all records with this > name belong to me?
Just a small comment to note that the person in question also contacted me (as the operator of keyserver.escomposlinux.org). I asked for proof of identity in a way that I could verify. He answered that in addition to controlling all of the secret keys (and having the willingness to prove it), he could also use a digital certificate system that is operated by the government and legally binding in my country[1][2] (both of us are Spanish citizens). And at my request, he has digitally signed a document -produced by me- with that digital certificate. I have verified the signature using one of the government services for signature verification, and the signature is good. And the certificate details match those provided by the person in question. So as far as I'm concerned, this is a request from the legitimate owner of the PII data present in those keys. And I have removed them from my HockeyPuck server (and blacklisted so they don't get re-introduced). But don't take my word for it, and do your own verification! Best regards, Iñaki. [1] It's one of the two official government run digital certificate systems, the other one being the Smart Card system embedded in our national identity card. [2] And as far as I've read, it should also be legally binding in the whole EU. As the system is part of a EU-wide cross-country digital certificate initiative.
signature.asc
Description: PGP signature