key question

Paul Richard Ramer free10pro at gmail.com
Fri Mar 19 07:54:06 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Sat, 13 Mar 2010 20:05:21 +0000 MFPA wrote:
>> I can't speak for other people, but I can for me.  Take
>> > a look at the UIDs on my key, which is
>> > 0xC7C66ADF3DB6D884.  And also, take a look at my master
>> > key 0x2188A92DF05045C2 that I signed the other key
>> > with.
> 
>> > Each of those e-mail addresses on my keys are ones that
>> > were already associated with my real name.  I had given
>> > each of those addresses to family, friends, associates,
>> > businesses, or a combination of them.  Not one of those
>> > accounts had given me any anonymity, and each had been
>> > shared outside of people I knew personally.
> 
>> > By uploading a key with those addresses on it, does
>> > that mean I gave up privacy that I already had?  No.
> 
> It looks to me as if the answer is "yes." Unless each person who had
> one of your email addresses already knew the other addresses before
> seeing them on your key, they now have extra information about you.
> And the addresses have jumped from "shared outside of people [you]
> knew personally" to published in a universally-accessible location.
> However minor/negligible or unimportant you may consider it, that's a
> reduction in privacy.

You are, of course, assuming all of my contacts know what PGP is, how to
use a keyserver, and have fetched and examined my key.  Although I have
potentially disclosed my e-mail addresses to the whole world, my actual
disclosure has been less than had I posted those e-mail addresses to a
web page or handed a copy of my key UIDs to whomever.

But you know what?  I don't care.  I created those UIDs with the belief
that if I shared them with one person, I shared them with the world.  I
intentionally made that information public, which is different from
accidental disclosure.

Also the use of a keyserver in my case was good, because I don't have
any means of distributing my key electronically other than by e-mailing
my key to every person that may request it.  So a keyserver fits the way
I want to work.


- -Paul

- --
Privacy is good.  Use PGP.

+---------------------------------------------------------------------+
| PGP Key ID: 0x3DB6D884                                              |
| PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884 |
+---------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQGcBAEBCAAGBQJLox97AAoJEJhBiuhgbQLIgEAL/1hXd6DAMcX+goDdipUMt1Yd
5dqnSKbGsC0Rp9Ewa2aZTPzfb4AyAdhjugp+2oX17+47Ijz8CgRP5iCSzEwhW6gl
JqKWrKL13f88vN97iauBI/TYiUoEBpMFvreYlu0X8g7qGK9WN1ul4SfFUNaBbXJt
/OXfACs7PbSUSN8XvqprOHV+p9uAFNpLIjIYpKZpt4GzhjIF7ifg7fBSw8VdXXBI
qahG0c6OqFBU10kJgZlHOM+ZSoqlS9B3M3DR54DLmgwNOhzFkOu5lgOpURY9FrZP
4XYt5hasn/FapiUh5qk8A0QRSLrXUyM7jgntK6KwIFHmurss+eyZRfxBnzveVVbR
M2WM9k+AyQnpWwjpxeAR2qQAAjljBDj5TuAEYwlXw6dBb/eQAUcr3SmEdSUDx9BV
Q2x37xMN5191xEYqVjNT5FtQko2wGCFSA4qWRbvi+DXV0KVGbTW1N2FBXLtQS1Gc
QtndM+4MIf9UkLMnUYJriDnQmgOPiQmJAJzi8gnhuQ==
=hLHd
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list