key question

MFPA expires2010 at ymail.com
Tue Mar 16 11:24:52 CET 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Tuesday 16 March 2010 at 6:02:15 AM, in
<mid:4B9F1EE7.9000404 at gmail.com>, Paul Richard Ramer wrote:


> On Mon, 15 Mar 2010 14:49:32 +0000 MFPA wrote:
>> I don't understand the comment that they were never
>> private information. They will have been private
>> information from their inception up until the time you
>> publicised them or published them.

> I meant that at the time that I decided to include them
> into my key's UIDs, I had already shared those e-mail
> addresses a lot.

I see what you mean, but I would still consider them to be private
information. I have a record of numerous people's email addresses and
phone numbers but each is a piece of private information appertaining
to the person it can be used to contact.



> Given the current system, I think that it would be good
> to educate new adopters that an e-mail address in the
> UID is optional.

So do I.



>> That doesn't only apply to anonymous entities. For
>> example, is today's John Smith the same John Smith I
>> communicated with last week?

> Well, unless you have a way to prove who John Smith is,
> he is about as anonymous as a pseudonymous entity.

That's what I meant: the fact of it being his real name rather than a
pseudonym makes no difference.



> Understood.  I think that "private dissemination within
> a public venue" is a better description than "upload
> publicly and download privately".

It also has the feel of quite a catchy slogan. (-;



>> Indeed. The UID hashing idea, that I read about during
>> the life of this thread, would be an additional option
>> to accommodate an increased range of privacy goals.
>> Possibly that particular niche is too marginal to be
>> worth implementing, but it shouldn't be dismissed
>> without consideration.

> Because that niche might be to marginal, I recommended
> that making a working keyserver with those features
> would be the way to go.  Then, if the usage is high
> enough, get the other keyservers to implement it.

> If you (or someone else who is interested) have the
> right skills, you could download the SKS keyserver code
> that is located at
> http://sks-keyserver.googlecode.com/files/sks-1.1.1.tgz
> and begin hacking it.  Then after you have created
> working code, you could try to get it integrated into
> the existing codebase.

That obviously makes sense.

- --
Best regards

MFPA                    mailto:expires2010 at ymail.com

Put knot yore trust inn spel chequers
-----BEGIN PGP SIGNATURE-----

iQCVAwUBS59cfKipC46tDG5pAQpVbgP+JCkJpwt0cNSInmRB4mB+egOsUfN9WaIy
wEvnYTia+IeuWuPx7FMcYARVH+UCitOsvcnHmjg7pYvGcjnXiFqGzlSVL4J4rIgk
3BjpEbRn6hNc5lnFSYGATkjIUP+Xii7E173z/qBWA/zl4m5ngWnhKMoyhA0Yr+LC
vuxcjrJL/c8=
=YhGS
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list