A. G. via <gnupg-users@gnupg.org>: The short answer is "no", or at best "not yet"...
Thank you very much for the response and comprehensive comments. In this case, the mail domain owner is actually the one that needs this level of control: he insists on the ability to positively respond to individual e-mail users' GDPR "forget me" requests. He is running an in-house mail server, and would like to direct "members" to use OpenGP encrypted mail for all member-to-member communication, and encourage the same for members' "general" e-mail correspondence. To this end it is desirable to give the users the option to create "personalized" mail account addresses (i.e., <john....@example.org>) and include their first/last name in the public key. Domain owner intends to operate a "members only" public key dissemination and fingerprint verification mechanism. When the user is removed from the "membership", (either by the domain owner action or by his or her own request), the mail address (and any/all other personal data) is deleted and promptly removed from the publicly exposed Internet domain presence. In order to use OpenPG encrypted mail with the correspondents on other domains, the user must attach his public key to an outgoing message as the domain owner does not serve keys to the general Internet population. However, while the user/key is active, and with the user's permission, anybody in the possession of the public key can verify the fingerprint using the the same mechanism as is provided to the members. After the user removal the domain owner is ipso facto GDPR compliant. However, he would prefer that a naive user (rightly or not) does not consider him unresponsive, and both sides have some interest in preventing any Internet server from keeping an active and publicly exposed user's name and (now defunct) e-mail-address, thus indiscriminately advertising forever the fact that John Doe was at some point in time a member of Example.org. How do individual key-server owner/operators react to formal GDPR "forget me" requests; either by e-mail users, or by mail domain owners? Any known legal precedents? Jon K. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
