hashed user IDs [was: Re: Security of the gpg private keyring?]

MFPA expires2011 at ymail.com
Wed Mar 2 20:25:17 CET 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Wednesday 2 March 2011 at 4:07:19 AM, in
<mid:A27B6155-D269-47F2-923D-873E0C3F76FF at sixdemonbag.org>, Robert J.
Hansen wrote:


>> The benefits of your phone number being ex-directory
>> are the benefits that derive from it being harder for
>> people to obtain your phone number without your
>> permission, harder to link the number to your
>> name/address, and impossible to find your address or
>> phone number by looking in the phone book.

> Here the analogy breaks down.  Generally speaking there
> is only one telephone directory for a given geographic
> area, which makes it possible for you to keep your
> phone number private by keeping it out of that one
> directory.

Once, maybe. But for quite a few years (in the UK at least) there have
been many competing directory enquiries services, and more recently
the online versions as well. Choosing to be ex-directory is a
binding instruction to your telephone company not to release your
number to any such services.



> Email doesn't work the same way.  There is no
> centralized directory.

It is also much easier to create new email addresses than it is to
change phone numbers. And more practical to have multiple or
short-life email addresses than is the case with phone numbers.



> To keep your email private
> requires that you fastidiously keep it out of
> thousands, tens of thousands of directories.  This
> doesn't strike me as very practical.

For somebody who uses the same email address to communicate with many
contacts and keeps the same email address for a long time, that is
true. For somebody like me who uses various different email addresses
and replaces some of them on a regular basis it is plenty practical
enough.



> The benefits of keeping a telephone number out of the
> directory do not seem analogous to keeping an email
> address off the certificate servers.

Not exactly analogous (hence my "admittedly not a direct comparison"
when I introduced it) but I have drawn enough parallels for it to be a
relevant comparison. Of course there are differences.

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

Vegetarian: Indian word for lousy hunter!!!
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list