💾 Archived View for rawtext.club › ~sloum › geminilist › 006812.gmi captured on 2024-02-05 at 10:55:46. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-11-30)

-=-=-=-=-=-=-

<-- back to the mailing list

GDPR and the protocol implications

Johann Galle johann+gemini at qwertqwefsday.eu

Mon Jun 28 12:41:53 BST 2021

- - - - - - - - - - - - - - - - - - - 

(note: I am not a lawyer)

On 2021-06-25, Matthias Geier wrote:

About gdpr and certificates. If I am not mistaken, before I even request the TLS certificate, I'd need to get a user consent, not to mention storing it.

The certificate is not technically required to contain personally identifying information, people can just input nothing or random data when they generate it. The main interesting part of the certificate would be the public key. Of course a specific service might not accept certificates where fields do not contain some expected form of content.

If they want to, users can choose to input their own personally identifying information but in that case I think it could maybe qualify as consent. I would question if this consent is "active" enough though.

I can't show a gdpr warning on the cert missing error, since the spec doesn't allow me to.

If you really wanted to you could make your server redirect people connecting without a certificate to a full document to tell them that they need a certificate, if you want to be sure.

Similarly for people visiting the site with an unknown/new certificate (maybe something like "You are connecting with a certificate which may contain personally identifying information. Under GDPR we must ask you to stop using this certificate for browsing this capsule or continue this way to consent to let us process that data.") Seeing how web pages request consent to use cookies I think it would be fine to request a certificate from the client and then show some consent page if the certificate is new/unknown. Otherwise how would you know whether this user has already consented or not? IP addresses will usually be dynamic or a user might move to a different connection. I don't know if any current server allows for something like this though.

To be even more sure you could outright reject client certificates that contain more than just the public key, depending on your applications needs.