key question

MFPA expires2010 at
Tue Mar 16 11:24:52 CET 2010

Hash: SHA512


On Tuesday 16 March 2010 at 6:02:15 AM, in
<mid:4B9F1EE7.9000404 at>, Paul Richard Ramer wrote:

> On Mon, 15 Mar 2010 14:49:32 +0000 MFPA wrote:
>> I don't understand the comment that they were never
>> private information. They will have been private
>> information from their inception up until the time you
>> publicised them or published them.

> I meant that at the time that I decided to include them
> into my key's UIDs, I had already shared those e-mail
> addresses a lot.

I see what you mean, but I would still consider them to be private
information. I have a record of numerous people's email addresses and
phone numbers but each is a piece of private information appertaining
to the person it can be used to contact.

> Given the current system, I think that it would be good
> to educate new adopters that an e-mail address in the
> UID is optional.

So do I.

>> That doesn't only apply to anonymous entities. For
>> example, is today's John Smith the same John Smith I
>> communicated with last week?

> Well, unless you have a way to prove who John Smith is,
> he is about as anonymous as a pseudonymous entity.

That's what I meant: the fact of it being his real name rather than a
pseudonym makes no difference.

> Understood.  I think that "private dissemination within
> a public venue" is a better description than "upload
> publicly and download privately".

It also has the feel of quite a catchy slogan. (-;

>> Indeed. The UID hashing idea, that I read about during
>> the life of this thread, would be an additional option
>> to accommodate an increased range of privacy goals.
>> Possibly that particular niche is too marginal to be
>> worth implementing, but it shouldn't be dismissed
>> without consideration.

> Because that niche might be to marginal, I recommended
> that making a working keyserver with those features
> would be the way to go.  Then, if the usage is high
> enough, get the other keyservers to implement it.

> If you (or someone else who is interested) have the
> right skills, you could download the SKS keyserver code
> that is located at
> and begin hacking it.  Then after you have created
> working code, you could try to get it integrated into
> the existing codebase.

That obviously makes sense.

- --
Best regards

MFPA                    mailto:expires2010 at

Put knot yore trust inn spel chequers


More information about the Gnupg-users mailing list