hashed user IDs [was: Re: Security of the gpg private keyring?]
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Mar 2 21:14:08 CET 2011
On 03/02/2011 02:25 PM, MFPA wrote:
> For somebody who uses the same email address to communicate with many
> contacts and keeps the same email address for a long time, that is
> true. For somebody like me who uses various different email addresses
> and replaces some of them on a regular basis it is plenty practical

It sounds to me like you've simply made it difficult for people to
correspond with you over long periods of time because your e-mail
address isn't likely to continue working.

If your only concern is that you don't want your e-mail address publicly
visible on the keyservers, just make a User ID with no e-mail address at
all, and leave it at that.

You'd still need to do the work of changing, say, MUAs to re-think their
key-selection criteria to include keys without e-mail addresses (maybe
just based on the human-readable part of the To: header?)

But you wouldn't have to do any of the following:

* specify and try to reach consensus on the syntax of a "standard"
  Hashed User ID
* modify underlying OpenPGP implementations to try digested searches
* convince third parties that it is worth their while to certify
  digested user IDs