hashed user IDs [was: Re: Security of the gpg private keyring?]
expires2011 at ymail.com
Mon Mar 21 00:40:03 CET 2011
-----BEGIN PGP SIGNED MESSAGE-----
On Sunday 20 March 2011 at 6:31:49 PM, in
<mid:4D864815.6020205 at adversary.org>, Ben McGinnes wrote:
> On 20/03/11 1:52 PM, MFPA wrote:
>> Whether on a keyserver or on your local keyring, I see
>> little difference.
> Which just shows how your use differs with that of
> others. I have a number of keys on my keyring and when
> I list them I like to see which key belongs to which
> identity/account (I don't care if it's a real name or
> not, just as long as I can see something that makes
> sense to me). Hashed IDs, depending on how common they
> became, would make this and key management difficult.
All fair enough but the reason I see little difference between
personal information being on other people's local keyrings or on
keyservers is covered in the next sentence, which you agreed with.
>> Keys that exist on local keyrings sooner or later tend
>> to end up on keyservers.
>> The first two or three times I looked at PGP and
>> GnuPG, I found the apparent requirement to include
>> personal information in user IDs repulsive and
>> therefore moved on without any further study. A
>> feature such as this might have attracted me to study
>> further and maybe adopt sooner.
> No offence, but I think this is more a lack of
> imagination. I think my second key ever used a
> pseudonym with no email address or comment and it was
> made the same day as my first one.
No offence taken. When I eventually looked into it I realised the
requirement for including the email address, although strongly
suggested by most descriptions and how-to articles I found, was not
real. One of the first keys I created was the one use to I sign these
messages; the <a at b.c> is because whatever PGP version I was using
wouldn't create a key without an "email address" of
string at string.string and I was unaware of example.net at the time.
MFPA mailto:expires2011 at ymail.com
Is it bad luck to be superstitious?
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users