On 05/11/18 17:56, Viktor wrote: > If my counterparty had signed some contract or document, he/she should > not be able to delete his/her public key certificate and data used for > its verification. IMVHO You're just (badly) reinventing X509.
> This is exactly the part that is difficult to ensure, especially given > the new European legislation (GDPR). We needed to develop a > justification for this. We had registered by U.K. Information > Commissioner's Office (https://ico.org.uk) , hired certified Data > Protection Officer etc. Then, again IMVHO, you should have registered in a country that's supposed to *remain* in the EU... > For now we have connected notaries only in Tel Aviv and Kyiv. CACert does have quite a lot of notaries, but they're still not enough for an average user: I made a 600km trip just to meet one. It's simply not good at the economic level: I can buy a smartcard with an already legally recognized and binding signature for 3y at 50€ (IIRC). Moreover, if you just verify the mail address you're not identifying the user, just "someone that currently controls that address". The same can of worms faced by LetsEncrypt with DV certs. BYtE, Diego _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
