Hmm, I guess that mostly makes sense. If a user has to call into your keyserver ...

soatok · 2024-11-22T17:37:32 1732297052

> If a user has to call into your keyserver to get a key before they can start a conversation with a new friend, as you're the sole authority who can decrypt the Merkle tree entries - does that introduce any problems?

It would, but they're addressed by the total design.

> And how will you authenticate shredding requests? Does that just happen out-of-band?

Essentially, yes, it's out-of-band. The actual shredding isn't part of the protocol.

The way I see it is, this only matters when the requestor's lawyers issue a takedown for their client's Personal Data (previously referred to erroneously as PII, though the distinction between the two jargony terms wasn't something I ever needed to care about).

If I didn't take the steps outlined in this blog post, the director's operator would be in a precarious legal situation.

But with this specification, the operator just queries their database for the in-scope records and deletes the stored key.

How that's actually implemented in software, and how the operator verifies that the legal notice for the takedown is authentic, aren't problems I have a readily available solution for. There may not even be a one-size-fits-all solution here.

As I've said, my goal isn't "GDPR Compliance". That's not a property I'm advertising. My goal is to create Key Transparency and a PKI without Authorities for the Fediverse.

I simply don't want to make it logistically impossible for someone else to deploy this in the EU.

Niluge_KiWi · 2024-11-23T16:29:09 1732379349

How is the following risk mitigated: a Directory operator selectively lies about a record being erased?

Maybe the act of erasure should also be publicly recorded?