Security of the gpg private keyring?

[David Shaw]

On Feb 28, 2011, at 7:09 PM, David Tomaschik wrote:

>> I think key UIDs generally reveal more information than I am
>> comfortable with. For example, why does your UID need to contain your
>> email address in plain text rather than as a hash? Searching for that
>> email address would need to return any keys that matched on the hashed
>> version in addition to any keys that matched on the plaintext version.
>> Somebody knowing the email address (or name or hostname) could find
>> the key but mere inspection of the key UIDs would not reveal all its
>> owner's names, email addresses, etc.
>> 
>> I'm usually told such an option does not exist because it would serve
>> no purpose and/or there would be no demand for it.
>> 
>> 
> 
> While I understand your concerns, I think it would just be nice if the
> owner of a key could set a flag on it indicating that they did not want
> their key published to keyservers.  Then privacy could be preserved with
> MUCH smaller changes to infrastructure.  (Though, admittedly, it might
> require a change in the OpenPGP spec, which would actually be much larger.)

This flag actually exists in OpenPGP already (and what's more, GnuPG even sets it by default).  The catch is that none of the other infrastructure (keyservers, mainly) checks it, and given the current design of the keyservers and how they sync key data between them, they can't easily check it.  It would be a very large (I'd say even larger than the hashed user ID example above) task to make this flag truly useful.

David