Hi all,
Just my personal legal opinion, but I don't think that they are required
to actually control those keys, only to demonstrate that they are the
person whose personal data is included the keys' user IDs.
Just imagine if *I* uploaded a key with a user ID containing *your*
name, street address, date of birth and social security number. Now you
might (rightly, in my opinion) want this key removed, because it
contains sensitive data about you - by your logic, other keyserver
operators wouldn't have to delete that key, because you – obviously –
can't read and respond to their encrypted mail, even if you can proof to
them that it's your data (by producing documents, qualified signatures,
etc.). I don't think that's how the GDPR works, or responsible handling
of personal data regardless of legal requirements.
And I think it was said before in this discussion, but disclosing their
name on a public mailing list might not be the best of ideas either...
Best
On 14.06.22 21:37, Kiss Gabor (Bitman) wrote:
IMHO Mr. [...] must show some evidence first about the key to delete
belongs to him. Otherwise any impostor can make delete other guys'
key.
I thought the same thing and asked him (privately) to resend his request
in a PGP-signed email, which he did, so this is legit.
Gee. I'm also found by the alleged [...] who wants me to delete
not less than 16 public keys even if keys.niif.hu is down for
a year or two. I hope he possesses all the secret keys
because he has to read 16 encrypted mails soon...
Gabor
