key question

MFPA expires2010 at ymail.com
Sat Feb 27 20:21:06 CET 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Saturday 27 February 2010 at 6:11:29 AM, in
<mid:4B88B791.7000100 at sixdemonbag.org>, Robert J. Hansen wrote:



> There is a perceived need for $150 bowls of soup, as
> evidenced by dozens of high-priced gourmet restaurants
> in major cities.  The existence of a market for a
> service is not evidence that the service is generally
> useful or needed.

Point taken.



>> In any case, I've never seen a convincing argument
>> *for* including  email addresses in the UID of a PGP
>> key.

> First, the status quo doesn't need arguments in its
> favor.  The status quo exists.  *Changing* the status
> quo is what requires arguments in its favor.

I have always been taught to challenge the status quo. "Because that's
the way we do it" is *never* a good reason to continue doing something
in a particular way.

I understand that showing your email address in the UID makes it
easier for people to find your key, the perceived advantage being that
this makes it more likely you will receive encrypted mail. My
contention is that the de facto standard of revealing email addresses
in key UIDs could actually be mitigating *against* the use of
encrypted mail, by discouraging people from publishing keys or even
from using openPGP in the first place.

There is a widespread perception (rightly or wrongly) that exposing
your email address publicly on the internet will lead to that email
address being spammed into oblivion. The new openPGP user is exhorted
to create a key pair using their name and email address as the UID,
and to upload this key to a server. That advice, coupled with the
default configuration's enforcement of including an email address (or
something that appears to be one) clearly has the potential to scare
potential users from experimenting with openPGP in the first place.



> Second, then you don't have to include it in yours.
> Why are you bringing this up?

Because you suggested in an earlier post in this thread that it was
somehow acceptable to publish somebody's key to a server without their
consent. To me, wantonly publishing other people's contact details
appears contrary to the desire to protect personal privacy.



> I don't care what your
> UID is, and I don't want you to have a vote in whether
> I put an email address in mine.

I don't want such a vote. Whether somebody chooses to include an email
address in their UID is up to the individual. I have not seen anything
that convinces me it is better for me to include one.



>> If their key lived at their own website or on an email
>> responder, for example, you could still do this -
>> except the note of the fingerprint and key-id would
>> also need to contain a URL.

> In which case you're still hosting it publicly, so why
> not use the keyservers?

Because by hosting it yourself, you have control over what signatures
and UIDs appear on the published key. Or is that just an illusion?



>> OK OK, the post I was replying to when I started this
>> stated "It is  also a good idea to send your key to
>> the keyservers." I do not see  this statement as any
>> kind of self-evident truth, yet I have been
>> thoroughly taken to task for questioning it.

> This is not "taking you to task."  This is listening to
> your claims, and giving strong arguments against them.

Many of the replies I've read in this thread have that character.
Others have tended more towards criticising me for holding a different
opinion and/or dismissing anything I said. Maybe I'm just being
over-sensitive, but I got the impression I had touched some raw nerves
somewhere along the way.



> That said, it is broadly true that it's a good idea to
> send keys to the keyserver network.  The reasons why
> have already been well-explained. Your reasons why not
> are either unfounded or debunked.

The collective response on this thread has indeed debunked a few myths
for me. The main issue I'll never be converted on is the potential
privacy problem of publishing somebody else's key to the servers.



> In your voluminous defense of privacy rights, you've
> not given any numbers for what fraction of users need
> or want to keep their public keys private.  If you're
> arguing that the "good idea" we've advocated is not a
> good idea, you need to show there are substantial
> numbers of users who will be negatively impacted.  You
> haven't.

If I was able to show that, those who need/want such privacy would be
making a poor job of trying to enforce it. I don't care how many users
this affects. For me, what matters is that any key I encounter *could*
relate to one of them.

Whoever's details may on a key (or in the body of an email, or
anywhere else), I have no business publishing them.



> You've talked about the danger of reputation being
> slandered by implication of association: but as David
> Shaw has pointed out, if someone wants to do that there
> are much easier ways to do it than with keys.

True. I only mentioned it because a contact experienced business
problems as a result of this.



> You've talked about making it easy for law enforcement
> to learn who communicates securely with whom: but as
> I've said, law enforcement (at least in the US, and
> probably also the UK) has much easier ways to learn
> this.

Echelon. Records from ISPs. Traffic analysis...



> You've talked about spam

Spam was one of my initial concerns, so I created a key containing my
name and a real email address that I actually do use. That key has sat
at BigLumber for over 5 years and on the keyservers for about three
years. That address generally attracts 2-3 spam messages a month. The
only messages encrypted to that key have been when I requested Login
tokens from BigLumber.



> The status quo is, "it is generally a good idea to send
> your key to the keyserver network."

That is a very different statement to the one you made a few lines up;
changing "keys" to "your key" resolves the privacy problem of
exposing other people's contact details.



> If you want to change that, the burden is on you to present
> persuasive evidence supporting a change. So far I've not
> seen it, which means the status quo stands.

I think that rather than just bald exhortation to use the keyservers,
people could usefully be pointed to a discussion of the pros and cons
so that they can make an informed choice. I would also welcome an end
to the presumption that people will want to include their email
address in their UID.


- --
Best regards

MFPA                    mailto:expires2010 at ymail.com

Reality is nothing but a collective hunch.
-----BEGIN PGP SIGNATURE-----

iQCVAwUBS4lwraipC46tDG5pAQoB3QQAnRVJg+c1iw315vOMc+8v2FcUFrcPyN7o
SjbKN1cgbc//OlAgKDmpxvcwe0UHM/ke+2C1NVJlpdrvZ6OTnUzLFdYRqKgHiYDq
R9+8TjdJVzeAFT7ecFo/vtu/q97N7AzjTYf/tGMDvT73lZRM9a1L+w3teqz+Oe68
sDfvuzzFIV4=
=PCLd
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list