hashed user IDs [was: Re: Security of the gpg private keyring?]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Mar 2 21:14:08 CET 2011


On 03/02/2011 02:25 PM, MFPA wrote:
> For somebody who uses the same email address to communicate with many
> contacts and keeps the same email address for a long time, that is
> true. For somebody like me who uses various different email addresses
> and replaces some of them on a regular basis it is plenty practical
> enough.

It sounds to me like you've simply made it difficult for people to
correspond with you over long periods of time because your e-mail
address isn't likely to continue working.

If your only concern is that you don't want your e-mail address publicly
visible on the keyservers, just make a User ID with no e-mail address at
all, and leave it at that.

You'd still need to do the work of changing, say, MUAs to re-think their
key-selection criteria to include keys without e-mail addresses (maybe
just based on the human-readable part of the To: header?)

But you wouldn't have to do any of the following:

 * specify and try to reach consensus on the syntax of a "standard"
Hashed User ID

 * modify underlying OpenPGP implementations to try digested searches

 * convince third parties that it is worth their while to certify
digested user IDs

	--dkg
