Security of the gpg private keyring?
kgo at grant-olson.net
Tue Mar 1 01:32:05 CET 2011
On 2/28/11 7:09 PM, David Tomaschik wrote:
> On 02/28/2011 05:40 PM, MFPA wrote:
>> I think key UIDs generally reveal more information than I am
>> comfortable with. For example, why does your UID need to contain your
>> email address in plain text rather than as a hash? Searching for that
>> email address would need to return any keys that matched on the hashed
>> version in addition to any keys that matched on the plaintext version.
>> Somebody knowing the email address (or name or hostname) could find
>> the key but mere inspection of the key UIDs would not reveal all its
>> owner's names, email addresses, etc.
>> I'm usually told such an option does not exist because it would serve
>> no purpose and/or there would be no demand for it.
> While I understand your concerns, I think it would just be nice if the
> owner of a key could set a flag on it indicating that they did not want
> their key published to keyservers. Then privacy could be preserved with
> MUCH smaller changes to infrastructure. (Though, admittedly, it might
> require a change in the OpenPGP spec, which would actually be much larger.)
There actually is a 'keyserver no-modify' setting in the spec, and by
default just about every key has it turned on.

But to honor it the keyservers would have to do crypto. And after that
it creates an issue with syncing. If I upload a key to
pool1.sks-keyservers.net, and it tries to sync with
pool2.sks-keyservers.net, how do you maintain the custody chain?

Both problems are, as they say in engineering-speak, non-trivial.
"I am gravely disappointed. Again you have made me unleash my dogs of war."