key question

MFPA expires2010 at ymail.com
Fri Feb 26 17:23:20 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Paul


On Thursday 25 February 2010 at 10:30:00 PM, you wrote:


> In my case, the reason that I uploaded my keys to public keyservers was
> to make it possible for anyone who wanted to privately communicate with
> me to do so.  Even if I didn't know them.

Do many people check the keyservers for a possible key when they
contact somebody they have not emailed before?



> If the reason for keeping the public key to yourself is that you don't
> want anyone, except for a selected few, to know your "secret" e-mail
> address, then create two e-mail addresses.  One will only be shared with
> people you know intimately, and the other will be for the public.

Or upload a key with no email address in the user-id. If you use
multiple email addresses and change them regularly, this is simplest.
Of course, some mail apps use the email address to choose the
encryption key, so some contacts may be inconvenienced by this.



> I never understood how anyone would want to use PGP for e-mail privacy,
> and, subsequently, keep the public key a secret!  I don't see any reason
> why a person would keep his key off the public keyservers, short of
> preventing spam.  And you know what, he would get spammed anyway.

I don't think there is much evidence of spammers harvesting email
addresses from keyservers but you would expect it to happen to an
extent.

Use of encryption may put an individual under suspicion of illegal or
subversive activity, or in some places may be illegal itself. Isn't
that a good enough reason to not want a key on a public server showing
your name and/or an email address that can be traced to you?


- --
Best regards

MFPA                    mailto:expires2010 at ymail.com

You can't build a reputation on what you are going to do
-----BEGIN PGP SIGNATURE-----

iQCVAwUBS4f1gKipC46tDG5pAQr5dgP+OPE+I9WGuYSkv8H0qYQuoodgY8fpYLw9
F7N/Lnzh8gPKKdTem71ifku+HMb6qUqPRKURUy2lC33u5QDObl4bYTUd5x5L/H1w
0FeWgR1AI4JVGCYLXb/wSnEe900CDEbGi8gRyI7oiKZpPhm+fSHfcZTpiRNW4hqK
Y5il1bwtfgU=
=OLRs
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list