Hi Vincent, Am Dienstag 22 Mai 2018 21:44:09 schrieb Vincent Breitmoser: > My personal conclusion is that keyservers that support user id packets are, > quite simply, incompatible with GDPR law. Has anyone else thought about > this?
thinking about earlier data privacy laws (which were quite similiar to GDPR in many respects) and pubkey servers got me to no clear conclusion. > For OpenKeychain, we plan to move uploading of key material a bit farther > out of the way and do a better job at informing the user what's going to > happen. If our goal is to automate the common case in an end-to-end crypto mail communication, then asking the user a data privacy agreement question is a stumbling block. I would degrate the user experience a lot. Note that if you use WKD with your email provider and just the email address in the key id (as supported by a policy option), there is no additional personal data saved nor communicated. The email provider already has your email address and the person asking via WKD also. In addition serving of the public key on behalf of ther user could be added to the terms of service of the email provider. Overal I think WKD is doing quite well on the data privacy side and will allow a good user experience by not asking each time to publish a new pubkey for oneself. Best Regards, Bernhard -- www.intevation.de/~bernhard +49 541 33 508 3-3 Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998 Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel