hashed user IDs [was: Re: Security of the gpg private keyring?]

Grant Olson kgo at grant-olson.net
Tue Mar 1 03:20:12 CET 2011


On 02/28/2011 08:54 PM, Daniel Kahn Gillmor wrote:
> On 02/28/2011 07:44 PM, Grant Olson wrote:
> 
> You can pull a copy of a stalled/never-submitted Internet-Draft from here:
> 
>   git://lair.fifthhorseman.net/~dkg/openpgp-hashed-userids
> 
> If anyone wants to push this further, please let me know.
> 

I'll take a look when I get some more time.

To be honest though, I'm not particularly interested in the feature either.

I was just trying to illustrate that MFPA could get something going
without needing a new OpenPGP RFC, or without spending years of effort
until he got tangible results.  And if the (non)standard got got popular
enough, tools, whether they be keyservers or mail clients or gnupg,
would start to handle hashed userid lookups.

Even just two simple script that wrap around gnupg,
'generate-hashed-userid' and 'retrieve-hashed-userid', would be a huge
start.

> 
>> If that could be agreed on, you could probably get a few mailing list
>> regulars to add that ID in addition to their normal UIDs.
> 
> Having a hashed User ID alongside your non-hashed User ID provides no
> benefit at all (unless you consider confusing people trying to
> understand and/or certify your OpenPGP certificate a benefit).
> 

Yes, of course.  I was just thinking of the initial implementation and
testing phase.  It'd be nice if MFPA could see that the tools work
correctly, by seeing the 'before' and 'after' versions of UIDs, and
without people having to maintain a separate secret key.  I wouldn't
mind testing to help out, but I'm not throwing away my current key
anytime soon.

-- 
-Grant

"Look around! Can you construct some sort of rudimentary lathe?"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 565 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110228/d67e4328/attachment.pgp>


More information about the Gnupg-users mailing list