Security of the gpg private keyring?
expires2011 at ymail.com
Mon Feb 28 23:40:27 CET 2011
-----BEGIN PGP SIGNED MESSAGE-----
On Monday 28 February 2011 at 3:47:16 PM, in
<mid:AANLkTi=ar9kOE_AFvwKiajB4t+6mqqYwc20e+kenLhne at mail.gmail.com>,
Guy Halford-Thompson wrote:
> Thanks for the help, didnt really occur to me how much
> info is available in the public keyring, guess you cant
> do much about it tho.
I think key UIDs generally reveal more information than I am
comfortable with. For example, why does your UID need to contain your
email address in plain text rather than as a hash? Searching for that
email address would need to return any keys that matched on the hashed
version in addition to any keys that matched on the plaintext version.
Somebody knowing the email address (or name or hostname) could find
the key but mere inspection of the key UIDs would not reveal all its
owner's names, email addresses, etc.
I'm usually told such an option does not exist because it would serve
no purpose and/or there would be no demand for it.
MFPA mailto:expires2011 at ymail.com
It is not necessary to have enemies if you go out of your way to make friends hate you.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users