key question

Paul Richard Ramer free10pro at gmail.com
Tue Mar 16 07:02:15 CET 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello MFPA,

On Mon, 15 Mar 2010 14:49:32 +0000 MFPA wrote:
>> I think that I disclosed less than you may have gotten
>> the impression that I did, since those addresses were
>> never private information.
> 
> I don't understand the comment that they were never private
> information. They will have been private information from their
> inception up until the time you publicised them or published them.

I meant that at the time that I decided to include them into my key's
UIDs, I had already shared those e-mail addresses a lot.

>> Probably not.  I might consider it, though.  I would
>> most likely create a UID like your's--pseudonym and
>> nothing more.  Then use the key with e-mail accounts
>> that would never have information about my real
>> identity.
> 
>> This doesn't mean that the hashed UIDs idea couldn't be
>> good for someone else.
> 
> I see the target user as somebody who wishes to keep their personal
> contact details private, but wants openPGP users who already have
> their contact details to be able to discover their key.
> 
> Not wishing to reveal my email address in my key, when faced with all
> the literature saying I should, was one of the main reasons I didn't
> adopt PGP the first couple of times I looked at it. Since I have no
> reason to expect my thoughts on this to be unique, I believe the
> hashing option for the information in UIDs would remove an obstacle
> that deters some people from using openPGP.

Given the current system, I think that it would be good to educate new
adopters that an e-mail address in the UID is optional.

>> If I am to have multiple communications with an
>> anonymous entity, I have to know that the last
>> anonymous entity and the one that I am talking to now
>> are the same.  There has to be something identifying.
>> It doesn't matter what it is, but it must be there.
>> Would I risk sharing secret information with the wrong
>> person?
> 
> That doesn't only apply to anonymous entities. For example, is today's
> John Smith the same John Smith I communicated with last week?

Well, unless you have a way to prove who John Smith is, he is about as
anonymous as a pseudonymous entity.

>> Perfect anonymity is like perfect privacy.  They are
>> both impossible to have if we are to live our lives
>> while having relationships and associations.
> 
> What is perfect anonymity? If I recognise somebody by sight as being
> somebody I have seen before but know nothing about, are they no longer
> perfectly anonymous to me? Is somebody with many short-term
> relationships and associations more anonymous than somebody with fewer
> but long-term? One is known to more people but each knows less about
> them.

Perfect (i.e. absolute) anonymity is the quality of having the inability
to connect any actions to an entity, regardless of whether that entity
is identified by a speech pattern, pseudonym, real name, or something else.

>> In fact, just by posting to this mailing list we have
>> given up some privacy or anonymity.  The nature of the
>> way we write, what we think, the experiences that we
>> relate--all of these reveal something about ourselves.
> 
> When the reader is Big Brother, or a potential employer or blackmailer
> etc., that might matter. When the reader is a random stranger, I
> prefer to think it doesn't. I'm confident I don't post anything that
> should prompt anybody to identify and come after me.

I was just referring to privacy disclosure as though it were measured by
a scale measuring from absolutely no disclosure to total disclosure.

>> Similarly, perfect anonymity will fail once someone can
>> connect multiple messages or activities to an identity
>> (whether or not that identity is a pseudonym, real
>> name, or something else).
> 
> How is that of consequence until they make the link between the
> identity and the person (or people) behind it? Knowledge that "John
> Smith" engages in certain activities is of no use until the "John
> Smith" in question has been pinpointed.

I wasn't talking about practicality but about absolutes.  In absolutes,
if two messages are connected to the same identity, there is no longer
absolute anonymity.  But this doesn't matter, because, in practicality,
no person has yet been identified.

>>>> Private dissemination within a public venue.
> 
>>> I don't know why, but that simple phrase suggests to
>>> me that you think it would be a bad thing.
> 
>> No, I think that it is fine.  Probably the reason that
>> sentence comes off the way it does is that I previously
>> inferred that you wanted a "keyserver that you can
>> upload publicly and download privately", and I felt
>> that your answer to that question skirted around saying
>> "yes".
> 
> It did, because I was not sure I could attach the correct meaning to
> "upload publicly and download privately" to answer "yes." (-:

Understood.  I think that "private dissemination within a public venue"
is a better description than "upload publicly and download privately".

> Public dissemination is definitely the keyservers' function, but is it
> also their purpose?
> 
> Why would I want to download somebody's key?
> 1. to verify a signature.
> 2. to sign their key after meeting them and verifying ID documents.
> 3. to encrypt a message to them.
> 
> For 1 and 2, I already know the key ID. For 3, I already know the
> email address.
> 
> Is there something I have missed about the purpose of a keyserver,
> that dictates it needs to show me the email address if I don't already
> know it?
> 
> I'm not saying one way is "right" and another is "wrong," just that
> exposing personal contact details is a privacy concern and I don't see
> any inherent advantage.

Different things for different people.  That's my belief. :-)

>> I imagine that you will tell me that I am a fruit cake,
>> but I could waste my words on a whole post to
>> demonstrate this subtlety.
> 
> I'm sure if you did it would make interesting reading, but it's not
> necessary.

Far too unnecessary. ;-)


>> There is no One True Way and no one-size-fits-all.
> 
> Indeed. The UID hashing idea, that I read about during the life of
> this thread, would be an additional option to accommodate an increased
> range of privacy goals. Possibly that particular niche is too marginal
> to be worth implementing, but it shouldn't be dismissed without
> consideration.

Because that niche might be to marginal, I recommended that making a
working keyserver with those features would be the way to go.  Then, if
the usage is high enough, get the other keyservers to implement it.

If you (or someone else who is interested) have the right skills, you
could download the SKS keyserver code that is located at
http://sks-keyserver.googlecode.com/files/sks-1.1.1.tgz and begin
hacking it.  Then after you have created working code, you could try to
get it integrated into the existing codebase.


- -Paul

- --
"You are free to rip me off.  Just remember to credit me." --self

PGP Key ID: 0x3DB6D884
PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQGcBAEBCAAGBQJLnx7QAAoJEJhBiuhgbQLItNAMAITPNECEql+ajKABdpcTjEWp
1Zwylp920T4j0SZX+761pIsgwCEuy2FpDylJRI3+Iw7JmS/OK/0HWFOUvlo81fwz
evXChj22E4e60j+hTIAj75bI9ziZsHN3gKXOtau1RZPgN4Zhb5xtbMXcRDQmbyjW
cZtUoEbadLN/izRoJCZcp9Cll6q+hMUTwQ/W8IhqLaGNqztxplydO+dZsEydhTXT
nQRFOkJu/eknutHIQpS1p0j/ZieX1xnB/h5GxQ8r8B8ZqEXGp7elCWT4bDBs6h4G
RAIIQM3RUYaXiZRNFZ0EXTyw3xb52lNS0VBEsx6AY7O5DZUrdO0/igmZVeRoWD0H
/MVia4kXbGBCws/QXLpeuX8Nh3X8DyTXsXM92lRusybXWGcJnYYmq5Fyy7EBuE6v
QGvvNoqKBIgjyyW3tnTatjOtaHskPJDZ33zegjU/eaXM0eelONOefYkvEHXj0ydY
kwBb2J3/u6dMM7/ubdUZTDuG4+eLpS8P4pr03oWkqQ==
=W33K
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list