Privacy Implications Of Signing Keys

Psy-Kosh psykosh at earthlink.net
Fri Jun 17 23:26:52 CEST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>Just wondering (as you do)... as great as it is signing other people's
>>>>keys, someones public key does actually reveal quite a lot about the
>>>>real world movements and aquaintances of the keyholder as it accumulates
>>>>signatories does it not?
>
>>
>> Yes, but if you want to remain anonymous what is the point of
>> cryptographically signing your e-mail? You can't have it both ways.


Not to mention that anyone can sign keys, independant of the will of the
key's owner. (I think a protocol to actually remove unwanted sigs from a
key may be useful. (ie, a way to have the removal propagated by the
keyservers)) For instance, a friend of mine apperently signed my key
with a couple nonsense keys he generated just to emphasize the point.

Psy-Kosh
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQCVAwUBQrNAHJzw44XQRmJ0AQIUgAP/YauOXnZRGJPcyp8+Ns/mZmO2K7VJJDrD
IFlDrt6io495sWae6boGhTTXwsKVeiK27c3k64FgVSSoP9UU18XMdOQK+pcTUE4L
lzc9oCPFVyq7c4EwL6JezYHXo2uq1I7Iaua3RfNv32tnE8n22tLRwzZY5/BlreE/
MQ2zoztvswM=
=Ii6a
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list