key question

Paul Richard Ramer free10pro at
Fri Mar 19 07:54:06 CET 2010

Hash: SHA256

On Sat, 13 Mar 2010 20:05:21 +0000 MFPA wrote:
>> I can't speak for other people, but I can for me.  Take
>> > a look at the UIDs on my key, which is
>> > 0xC7C66ADF3DB6D884.  And also, take a look at my master
>> > key 0x2188A92DF05045C2 that I signed the other key
>> > with.
>> > Each of those e-mail addresses on my keys are ones that
>> > were already associated with my real name.  I had given
>> > each of those addresses to family, friends, associates,
>> > businesses, or a combination of them.  Not one of those
>> > accounts had given me any anonymity, and each had been
>> > shared outside of people I knew personally.
>> > By uploading a key with those addresses on it, does
>> > that mean I gave up privacy that I already had?  No.
> It looks to me as if the answer is "yes." Unless each person who had
> one of your email addresses already knew the other addresses before
> seeing them on your key, they now have extra information about you.
> And the addresses have jumped from "shared outside of people [you]
> knew personally" to published in a universally-accessible location.
> However minor/negligible or unimportant you may consider it, that's a
> reduction in privacy.

You are, of course, assuming all of my contacts know what PGP is, how to
use a keyserver, and have fetched and examined my key.  Although I have
potentially disclosed my e-mail addresses to the whole world, my actual
disclosure has been less than had I posted those e-mail addresses to a
web page or handed a copy of my key UIDs to whomever.

But you know what?  I don't care.  I created those UIDs with the belief
that if I shared them with one person, I shared them with the world.  I
intentionally made that information public, which is different from
accidental disclosure.

Also the use of a keyserver in my case was good, because I don't have
any means of distributing my key electronically other than by e-mailing
my key to every person that may request it.  So a keyserver fits the way
I want to work.

- -Paul

- --
Privacy is good.  Use PGP.

| PGP Key ID: 0x3DB6D884                                              |
| PGP Fingerprint: EBA7 88B3 6D98 2D4A E045  A9F7 C7C6 6ADF 3DB6 D884 |
Version: GnuPG v1.4.10 (GNU/Linux)


More information about the Gnupg-users mailing list