Re: [Sks-devel] About deleting keys

[dirk astrath]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Kristian,

> Not gonna comment too much on this, but a general note is a
> question on what constitute "personal data", in my experience name
> and email isn't included, but IANAL.

As i wrote in my email:

The combination of email and name are personal data.

If anybody uses my email-adress and my name to create a fake entry in
a database i'm allowed to force the operator of this database to get
my data deleted from this database. No matter, who created this entry.

>> If there is no private key needed and no verification done 
>> everybody can generate keys with every combination of name and 
>> email-adress, generated at random dates and upload them to the 
>> keyservers. And if everybody is able to generate and publish
>> fake keys everybody can build up fake web of trust.
> This is why you have key validation requirements and 
> signatures/certification. The existence of a key doesn't bind that
> key to a specific individual, no matter what the UID says.

Wrong ... the unique email-adress is the problem .. which is usually
in the UID of the key.

Therefore read my proposal i just sent to this mailing-list some
minutes ago ... ;-)

Best regards ...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlJwMOkACgkQVuf/iihAxwjNtQCfcdMk8yCZAeF0fUQgeAPaDe1J
fW0Aniy5mjbuG6Z4WIyvvauaXvhh2tDY
=Q4E9
-----END PGP SIGNATURE-----