key-signing for pseudonyms
Malte Gell
malte.gell at gmx.de
Tue May 18 18:37:28 CEST 2004
On Tuesday 18 May 2004 16:02, Thomas Sjögren wrote:
> Keysignings is in a way a threat to privacy. It's not to hard to
> create a sociogram of a persons key, mapping the date of the
> signature and name of the signer.
> if one wants to be blunt: gpg protects your communication but not
> your privacy. but that is probably pushing it a bit.
...
> i would rather see a semianonymous signature type which would only
> allow the owner of the key and the signer to reveal the signature
> info (name, date, email etc). almost like Chaums group signatures.
Gpg already has the needed features to do something like this, though
probably violating some principles.
You locally sign someone's key and force the export with --export-option
include-local-sigs and the other person uses allow-local-sigs to import
this local signature (see manpage). This way you can have your key
signed without "spreading" the signatures unintentionally e.g. to
keyservers.
Of course it's not totally bulletproof since the recipient of such a
signature can always enforce the export if he really wants to do so.
How far this procedure is useful at all may is something different., it
makes only sense for a closed group of people.
Malte
More information about the Gnupg-users
mailing list