Security of the gpg private keyring?

[MFPA]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Monday 28 February 2011 at 3:47:16 PM, in
<mid:AANLkTi=ar9kOE_AFvwKiajB4t+6mqqYwc20e+kenLhne at mail.gmail.com>,
Guy Halford-Thompson wrote:


> Thanks for the help, didnt really occur to me how much
> info is available in the public keyring, guess you cant
> do much about it tho.


I think key UIDs generally reveal more information than I am
comfortable with. For example, why does your UID need to contain your
email address in plain text rather than as a hash? Searching for that
email address would need to return any keys that matched on the hashed
version in addition to any keys that matched on the plaintext version.
Somebody knowing the email address (or name or hostname) could find
the key but mere inspection of the key UIDs would not reveal all its
owner's names, email addresses, etc.

I'm usually told such an option does not exist because it would serve
no purpose and/or there would be no demand for it.


- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

It is not necessary to have enemies if you go out of your way to make friends hate you.
-----BEGIN PGP SIGNATURE-----

iQE7BAEBCgClBQJNbCRjnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pHSwEAMHh
zrjvVf+j2wCkR7mERunLYQzrPB7FHMoVC9wTKGYp/EJ3/ItinP6qyBFpVBRFWwUx
XmzD2q/rV/MqLeSXkCdpaWNGqOL2oNSu/W4mhf5MJ5BSj7lshIv79Wp1F0IlJ2eY
bNq3tSqUFTOTpFuMMaYu6rmxT7UNyKLS4ljfDkAo
=rj3N
-----END PGP SIGNATURE-----