Privacy Implications Of Signing Keys
psykosh at earthlink.net
Fri Jun 17 23:26:52 CEST 2005
-----BEGIN PGP SIGNED MESSAGE-----
>>>>Just wondering (as you do)... as great as it is signing other people's
>>>>keys, someones public key does actually reveal quite a lot about the
>>>>real world movements and aquaintances of the keyholder as it accumulates
>>>>signatories does it not?
>> Yes, but if you want to remain anonymous what is the point of
>> cryptographically signing your e-mail? You can't have it both ways.
Not to mention that anyone can sign keys, independant of the will of the
key's owner. (I think a protocol to actually remove unwanted sigs from a
key may be useful. (ie, a way to have the removal propagated by the
keyservers)) For instance, a friend of mine apperently signed my key
with a couple nonsense keys he generated just to emphasize the point.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Gnupg-users