Secret key holder identity (was: Local file encryption)
Joseph Oreste Bruni
jbruni at mac.com
Mon Feb 19 21:27:38 CET 2007
On Feb 19, 2007, at 11:54 AM, NikNot wrote:
> On 2/19/07, Adam Funk <a24061 at yahoo.com> wrote:
>> Is there any reason to physically secure your *public* keyring in
>> ... (Well, I suppose you might want to hide your secret identity!)
>
> Unfortunately, the whole GPG, with WebOfTrust construct, makes the
> assumption that there is no need whatsoever to protect the identity of
> the secret key holder (and, by extension, that traffic analysis - as
> opposed to the secret content analysis - is not something to be
> concerned with).
>
> NikNot
>
> ___
It's funny you mention this: I got into an argument with a
"consultant" about how X.509 certificates are a privacy violation
because your identity is encoded into the "subject" field. I kept
asking him, "How would you know whose cert. it is without it?" At any
rate, there are lot of bozos in the world posing as "security
experts" who shouldn't be taken seriously.
Joe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2508 bytes
Desc: not available
Url : /pipermail/attachments/20070219/e55b3db3/attachment.bin
More information about the Gnupg-users
mailing list