Security of the gpg private keyring?
expires2011 at ymail.com
Tue Mar 1 01:57:20 CET 2011
-----BEGIN PGP SIGNED MESSAGE-----
On Monday 28 February 2011 at 11:38:31 PM, in
<mid:D8186941-6E29-4358-9F0F-4A9C900CDA8B at jabberwocky.com>, David Shaw
> I think the problem here is the large size of the
> deployed infrastructure that expects user IDs to have
> email addresses in them
Apart from email clients, what infrastructure expects email addresses
> To make
> this change, you'd have to have a keyserver that could
> search in that manner,
Any keyserver could handle searching for both the plain text and the
hash: the client could query for one string, then for the other, then
combine the results.
> plus client support to make the
> hashes when talking to the keyserver, etc.
Hashes would need to be generated when selecting keys on the local
keyring too, not just when talking to keyservers.
> You'd have
> to handle the very-small-but-non-zero chance of a hash
> collision in the user ID, too.
A plaintext "collision" where two people have the same name in their
UID is nothing to write home about. Why would it be an issue if the
colliding string happened to be a hash?
MFPA mailto:expires2011 at ymail.com
Wise men learn many things from their enemies.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
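The two-query lookup described in the message above (search for the plain address, then for its hash, then combine the results), as an added example that is not part of the original post and is not GnuPG or keyserver code. The hash scheme (SHA-256 of the trimmed, lowercased address), the UID layout, and the keyring entries with their `FPR-*` fingerprints are assumptions constructed for illustration; the same routine serves for a keyserver or a local keyring.

```python
import hashlib

def uid_hash(email: str) -> str:
    # Assumed scheme: hex SHA-256 of the trimmed, lowercased address.
    return hashlib.sha256(email.strip().lower().encode("utf-8")).hexdigest()

def search_terms(email: str) -> list[str]:
    # The client derives both strings it has to look for.
    return [email.strip().lower(), uid_hash(email)]

def substring_search(keyring, term):
    # Stand-in for an unmodified keyserver (or local keyring) that only
    # knows how to do a plain substring match on user ID strings.
    return [k for k in keyring if any(term in uid.lower() for uid in k["uids"])]

def find_keys(keyring, email):
    # Query once per term, then merge, de-duplicating by fingerprint so a
    # key carrying both UID forms is reported once.
    merged = {}
    for term in search_terms(email):
        for key in substring_search(keyring, term):
            merged[key["fpr"]] = key
    return sorted(merged)

# Constructed sample keyring; fingerprints are placeholders.
_H = uid_hash("alice@example.org")
KEYRING = [
    {"fpr": "FPR-A", "uids": ["Alice Example <alice@example.org>"]},
    {"fpr": "FPR-B", "uids": [f"Alice Example <{_H}>"]},
    {"fpr": "FPR-C", "uids": ["A. Example <alice@example.org>",
                              f"A. Example <{_H}>"]},
    {"fpr": "FPR-D", "uids": ["Bob Example <bob@example.org>"]},
]

if __name__ == "__main__":
    # Several keys can match the same string, plain or hashed; the caller
    # still has to pick among them by fingerprint.
    print(find_keys(KEYRING, "Alice@Example.org"))
```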