key question

MFPA expires2010 at ymail.com
Sun Feb 28 05:33:42 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Robert


On Saturday 27 February 2010 at 8:03:15 PM, you wrote:


> On Feb 27, 2010, at 2:21 PM, MFPA wrote:
>> I have always been taught to challenge the status quo. "Because that's
>> the way we do it" is *never* a good reason to continue doing something
>> in a particular way.

> The status quo has something going for it: it works.

Otherwise stated (with a deal of wisdom) as "if it ain't broke, don't
fix it."



> 95% of all new ideas are awful and should be discarded. New ideas
> are how the status quo changes for the better, but that doesn't mean
> we should throw out the status quo just because an idea comes along
> which happens to be new.

Firstly, it seems unlikely I have presented any new ideas.

Secondly, that does not look like a reason to resist reanalysing the
status quo.



>> My
>> contention is that the de facto standard of revealing email addresses
>> in key UIDs could actually be mitigating *against* the use of
>> encrypted mail, by discouraging people from publishing keys or even
>> from using openPGP in the first place.

> It's an interesting idea,

But not new to you. After I wrote on here, I found
http://marc.info/?t=125471254900001&r=1&w=2 which hypothesised
essentially the same issue and proposed one possible solution.



> but I don't see any facts to back it up.
> How many users are dissuaded?

I have no idea how I could conduct a survey to answer that question.
If you know, please advise me.

A change to *not* telling new users they should publish their email
addresses would be expected to give some clues as to the validity of
this theory.



> Is this a major concern, or not a concern?

Personal privacy is a major concern, in this age where governments and
companies constantly seek to undermine it. Else, governments would not
have been forced to make concessions such as introducing privacy and
data protection laws.



> What does the published literature say about it?  And so on, and so on.

Specifically on the subject of concern over email addresses on PGP
keyservers, I have been able to find the thread I linked to above and
nothing else. You could hypothesise that there is no such concern,
that I have consistently used inadequate search terms over several
years, that people who are concerned about this do not adopt openPGP,
that people who adopt openPGP quickly realise this is not a concern,
or probably a dozen other things.


More broadly, there are any number of sources discussing concern about
exposing your email address publicly on the internet.



> Speculation is great, but speculation isn't fact -- and we need to
> change the way we do things based on facts, not on speculations.  We
> can agree on facts, but our speculations will likely not overlap very much at all.

I'm sure anybody reading this can find multiple examples where speculation
has informed progress.



>> That advice, coupled with the
>> default configuration's enforcement of including an email address (or
>> something that appears to be one) clearly has the potential to scare
>> potential users from experimenting with openPGP in the first place.

> The same way the shotgun in my closet clearly has the potential to be used as a murder weapon.

Would making it clear that including an email address was not
compulsory (but encouraged for anybody who felt comfortable including
one) increase the take-up of openPGP?

Would removing your shotgun prevent a would-be murderer from killing
you?



> Potential != actuality.  All manner of potential things do not come
> to pass.  Before we change the way we do business, I'd like to know
> that we're changing to address a real problem, not merely a
> potential problem where no one really knows if it's a real problem or not.

Usually, the only way to establish if something *really* was an
impediment to people adopting a particular course of action is to
remove that could-be impediment, and make sure everybody knows you
have.



> The world has enough interesting problems to solve without us having to go off chasing ghosts.

Our opinions differ, but I do not see addressing legitimate concerns
about email security as "chasing ghosts."



>> Because you suggested in an earlier post in this thread that it was
>> somehow acceptable to publish somebody's key to a server without their
>> consent.

> I don't think I said it was "acceptable."  I would find it to be in
> poor taste, myself, if it were done deliberately.  However, I don't
> think it would amount to a moral or ethical failing.

Six quotes below, unless I've made a mistake, all are from yourself.
Whilst none includes the word "acceptable," each indicates that
opinion.

'If someone asks me nicely, "please do not upload this key," I will
probably say yes. But it is a *huge* leap to go from there to "do not
upload keys without the owners' permission."'

'The key says "public" right at the very top, and I think it's
unreasonable to expect people to infer that it means "no, don't share
it." This is why the burden is on the key provider: if you don't want
the key shared, you have to explicitly tell someone about it. If you
don't tell someone about it, they are allowed to think the phrase
"public" means just that.'

'You've denied that the person who created the key owns the
information on the key. In that case, the person who created the key
has no legal or moral right to control how that information is used.'

'However, he also seems to be advocating the advice of "generally
speaking, it's a good idea to put keys on the keyservers" be changed
to "generally speaking, it's not a good idea to share public keys
without the key owner's explicit permission." This is a pretty big
change in the conventional wisdom. Before I'll sign on to that I'll
have to see some strong reasoning, and I haven't.'

'For myself, I do not send keys up to servers without first checking
it with the recipient. This seems like good manners to me. However, I
don't view it as mandatory and I don't think we should view it as the
appalling breach of morality that MFPA seems to.'

'I'm going to follow the community practice of sharing keys widely,
unless there are compelling reasons to do otherwise.'



>> Because by hosting it yourself, you have control over what signatures
>> and UIDs appear on the published key. Or is that just an illusion?

> Illusion.

OK...



>> The collective response on this thread has indeed debunked a few myths
>> for me. The main issue I'll never be converted on is the potential
>> privacy problem of publishing somebody else's key to the servers.

> This is an argument from emotional conviction.  That doesn't mean
> it's invalid or inappropriate or that you shouldn't have this
> response -- don't get me wrong.  I like emotions; emotions are
> pretty cool things.  I just don't like arguing from emotional
> conviction, because I either share in the response or I don't.  If I
> do, then you don't need to say anything because I'm already on your
> side.  If I don't, then you don't need to say anything because you
> can't persuade me into having that particular emotional response.  I either have it or I don't.

> But just like there's nothing you can say to *me*, there's nothing
> I can say to *you*.  The instant you say "I will never be
> converted!", well, okay: thanks for letting me know.  I won't try to
> persuade you, because you've made it clear you won't be persuaded.

Kind of "let's agree to disagree?"
Or "we seem to be running out of arguments?"



>> If I was able to show that, those who need/want such privacy would be
>> making a poor job of trying to enforce it.

> So the lack of evidence is, itself, evidence?  That sounds more like a conspiracy theory.

I don't think that says the lack of evidence constitutes evidence.
Rather, I think it indicates a legitimate reason why evidence cannot
be brought to bear.



>> I don't care how many users
>> this affects. For me, what matters is that any key I encounter *could*
>> relate to one of them.

> This is an idealistic view of the world.  I like idealism.  I
> admire idealism.  I just think it's impractical and destructive.

How is it impractical or destructive to treat everybody's privacy
seriously on the grounds that, just occasionally, it might *really*
matter?


> What you're saying here is, "even if the advice were sound for one
> million users, and destructive to the privacy of just one, I still
> would not change because any key I encounter could be that one."

That is exactly what I am saying. Neutral for a million but
destructive for one, so let's all protect the one.



> The perfect is the enemy of the good.

Perfection is usually unattainable. That is no reason to resist
aspiring to the best that can be achieved.



- --
Best regards

MFPA                    mailto:expires2010 at ymail.com

Virtual workspace, Virtual Office, Virtual Job




More information about the Gnupg-users mailing list