Hi, I hope this is the right place to ask this question. The question itself is quite simple: how resilient are Certificate Transparency logs to GDPR takedown requests, and what are the methods of removing a certificate from public logs without compromising the integrity of the logs?
The reason why I'm asking this seemingly simple question is because Estonia has been issuing certificates to its citizens since 2003; they're issued by a public CA and some of the certificates already exist in current logs ( https://ct.googleapis.com/rocketeer/ct/v1/get-entries?start=110654446&end=110654446 ). But if I'm not mistaken, GDPR applies to CT as well; those certificates contain PII, thus those certificates should be under the "mercy" of whose PII it is, but as far as I've searched, no one has discussed this previously. Am I wrong?

Taavi Eomäe
_______________________________________________
Trans mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/trans
