This sounds like a perfect use case for WKD....
You are correct.
But the reason for my original post was not to find better ways of communication mechanics while the relationship exists, it was specific and quite narrow: how can both sides do all they reasonably can in order to avoid making it public knowledge that the relationship existed *after it has been dissolved*. There is significant difference between a one-time "third-party" correspondent misusing his knowledge of the relationship after it has been dissolved, from that same knowledge being published in perpetuity via a simple, automated Internet query. Specifically, the question was if there is any mitigation against the action of an uninformed (or, perhaps by a stretch, malicious?) correspondent adding signatures and uploading the key to the network of synchronizing pubkey servers. Well, there is none.
Europe is (in my experience) over-represented in the OpenPGP development community
Then I stand corrected. (My impression was based only on the "US pop-culture coloured" and clearly emotional response to the mere mention of GDPR). Jon K. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users