Secret key holder identity (was: Local file encryption)

Joseph Oreste Bruni jbruni at mac.com
Mon Feb 19 21:27:38 CET 2007




On Feb 19, 2007, at 11:54 AM, NikNot wrote:

> On 2/19/07, Adam Funk <a24061 at yahoo.com> wrote:
>> Is there any reason to physically secure your *public* keyring in
>> ...  (Well, I suppose you might want to hide your secret identity!)
>
> Unfortunately, the whole GPG, with WebOfTrust construct, makes the
> assumption that there is no need whatsoever to protect the identity of
> the secret key holder (and, by extension, that traffic analysis - as
> opposed to the secret content analysis - is not something to be
> concerned with).
>
> NikNot
>
> ___

It's funny you mention this: I got into an argument with a  
"consultant" about how X.509 certificates are a privacy violation  
because your identity is encoded into the "subject" field. I kept  
asking him, "How would you know whose cert. it is without it?" At any  
rate, there are lot of bozos in the world posing as "security  
experts" who shouldn't be taken seriously.

Joe

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2508 bytes
Desc: not available
Url : /pipermail/attachments/20070219/e55b3db3/attachment.bin 


More information about the Gnupg-users mailing list