On Sep 20, 2013 3:09 PM, "Stephen Farrell" <[email protected]> wrote:
> On 09/20/2013 07:50 PM, Karl Malbrain wrote:
> > 1. Is the value of a personal public key considered "personal data"?
> > In TLS client authentication, these keys are requested.
>
> I doubt there's any data-protection regulator views on that
> (TLS client-auth being so rare on the public Internet) but
> basically, I'd say yeah, it's an identifier that generally won't
> change for extended periods. That's one of the motivations
> for doing TLS 1.3 - to hide such handshake data for example.

If you are signing something then you are explicitly deciding to reveal the related information. You made the decision to release it into public view, so your privacy is not violated. You need to be doubly careful of other correlatable info. However, if you are not using a particular public key generally, but restricting its use, then yes it should be kept within the intended scope of confidentiality.

Scott

_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
