[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Keyservers and GDPR
|
From: |
Bernhard Reiter |
|
Subject: |
Re: [Sks-devel] Keyservers and GDPR |
|
Date: |
Wed, 23 May 2018 08:27:04 +0200 |
|
User-agent: |
KMail/1.9.10 (enterprise35 0.20141209.518c4af) |
Hi Vincent,
Am Dienstag 22 Mai 2018 21:44:09 schrieb Vincent Breitmoser:
> My personal conclusion is that keyservers that support user id packets are,
> quite simply, incompatible with GDPR law. Has anyone else thought about
> this?
thinking about earlier data privacy laws (which were quite similiar to GDPR in
many respects) and pubkey servers got me to no clear conclusion.
> For OpenKeychain, we plan to move uploading of key material a bit farther
> out of the way and do a better job at informing the user what's going to
> happen.
If our goal is to automate the common case in an end-to-end crypto
mail communication, then asking the user a data privacy agreement question
is a stumbling block. I would degrate the user experience a lot.
Note that if you use WKD with your email provider and just the email address
in the key id (as supported by a policy option), there is no additional
personal data saved nor communicated. The email provider already has your
email address and the person asking via WKD also. In addition serving of the
public key on behalf of ther user could be added to the terms of service
of the email provider. Overal I think WKD is doing quite well on the data
privacy side and will allow a good user experience by not asking each time to
publish a new pubkey for oneself.
Best Regards,
Bernhard
--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
signature.asc
Description: This is a digitally signed message part.