On 8/4/2021 10:35 AM, Werner Koch via Gnupg-users wrote:
On Tue, 3 Aug 2021 11:19, Vincent Breitmoser said:
Unlike the other keyservers, keys.openpgp.org has a [privacy policy] that
doesn't permit distributing email addresses without consent. The key
It is not a privacy policy but a serious misconception much like what
keyserver.com and PGP Universal Server did a long time ago.
The OpenPGP spec requires a User ID for the on-wire format of a public
key. Any implementation which violates this rule is not OpenPGP
compliant.
The privacy argument on the a user id is layman's idea of the GDPR. In
fact the key itself is not different than an IP address or mail address
and in fact more stronger personal data or a natural person than the
latter.
Note that out of reasons of data minimization I would suggest to create
new keys only with a mail address and not with any other data. For
example posteo.de has such a rule for keys used on their platform;
If I understand correctly, the 'real name' and 'comment' should be left out.
1) https://posteo.de/en/help/policies-for-public-keys#names
--
John Doe
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
