Security of the gpg private keyring?
kloecker at kde.org
Tue Mar 1 21:56:56 CET 2011
On Tuesday 01 March 2011, David Shaw wrote:
> On Feb 28, 2011, at 7:09 PM, David Tomaschik wrote:
> >> I think key UIDs generally reveal more information than I am
> >> comfortable with. For example, why does your UID need to contain
> >> your email address in plain text rather than as a hash? Searching
> >> for that email address would need to return any keys that matched
> >> on the hashed version in addition to any keys that matched on the
> >> plaintext version. Somebody knowing the email address (or name or
> >> hostname) could find the key but mere inspection of the key UIDs
> >> would not reveal all its owner's names, email addresses, etc.
> >> I'm usually told such an option does not exist because it would
> >> serve no purpose and/or there would be no demand for it.
> > While I understand your concerns, I think it would just be nice if
> > the owner of a key could set a flag on it indicating that they did
> > not want their key published to keyservers. Then privacy could be
> > preserved with MUCH smaller changes to infrastructure. (Though,
> > admittedly, it might require a change in the OpenPGP spec, which
> > would actually be much larger.)
> This flag actually exists in OpenPGP already (and what's more, GnuPG
> even sets it by default). The catch is that none of the other
> infrastructure (keyservers, mainly) checks it, and given the current
> design of the keyservers and how they sync key data between them,
> they can't easily check it. It would be a very large (I'd say even
> larger than the hashed user ID example above) task to make this flag
> truly useful.
Hmm. Why do the keyservers need to support it at all? IMO the clients
that want to upload a key should check for this flag and warn the user
if a key has this flag. Of course, this won't stop people from uploading
keys with clients that do not support this flag, but at least those
people that use a flag-enabled client will be made aware of the key
owner's wish not to upload the key.