key question

Grant Olson kgo at grant-olson.net
Fri Feb 26 19:30:16 CET 2010


On 2/26/2010 12:38 PM, MFPA wrote:
>
> I am *not* advocating the implementation of any form of
> Digital Restrictions Malware (DRM).
>
> Uploading somebody else's key without first checking it is OK by
> them is a breach of their privacy and could well be illegal/unlawful
> in jurisdictions with data protection legislation (for example, if a
> company published a customer's key, showing their name and/or email
> address, to a server).
>

As a practical matter, even if your contacts agree to respect your
wishes, it's still pretty easy for them to accidentally send it to the
keyservers.  Perhaps mis-typing a command when they try to upload their
own key.  Perhaps clicking the wrong button.  Perhaps because they just
don't really know how gpg works and start typing random commands.

From a practical perspective, whether it's right or wrong, you've got to
assume that if they can, they will, and that key will be out there
forever.  One of the reasons to use public/private key encryption is
because you don't always trust the other parties to do the correct thing.

So if you are worried about the keyservers having information that could
somehow implicate you in whatever, you'd need to obfuscate your UID, as
you mentioned in another post.  Asking people not to publish the key
doesn't offer any real protection.  And if you've done that, you might
as well publish the key yourself.
