hashed user IDs [was: Re: Security of the gpg private keyring?]

MFPA expires2011 at ymail.com
Sun Mar 6 14:12:11 CET 2011

Hash: SHA512


On Thursday 3 March 2011 at 12:33:27 AM, in
<mid:4D6EE1D7.2050707 at sixdemonbag.org>, Robert J. Hansen wrote:

> It's not a tangent at all, and for almost the exact
> reason you cite. You would say "it can easily be done."
> I would say, "it can easily be enforced."  I'm not
> seeing an effective enforcement mechanism here. Without
> that, I don't see how it can easily be done.

What would need to be enforced? If a user chose to use hashes when
creating their user-IDs, then all by themself without the need for any
enforcement mechanism they have obscured the data; somebody already in
possession of the data can compare hashes but somebody inspecting the
user-IDs cannot extract the information that is obscured.

> Basically what you're saying is, "I don't want other
> people to be able to publicly share data that I feel
> personally identifies me."  That's a perfectly
> understandable want, but you can't make data
> uncopyable. Digital information may be easily and near
> costlessly copied and shared: that's just its essential
> nature.

Precisely the point of using hashes in user-IDs: all that would be
available to copy and share is a hash of the data.

>> 3.      I have email addresses that you don't know.
>> These email addresses are readable from my key's user
>> IDs.         It is trivial for you to obtain these
>> email addresses.

>> 4.      I have email addresses that you don't know.
>> These email addresses are not readable from my key's
>> user IDs.         It is harder for you to obtain these
>> email addresses.

> I don't believe 4 is the case at all.  In this era of
> Facebook, Twitter, social media and people profligately
> sharing information, well... this seems a lot like
> locking up the barn after the cattle have run off.

Even if you consider the search to be trivial, it is still harder than
not needing to search. I deliberately used the comparative. Now I'm
just being a pedant. (-:

> You're begging the question: how does it get made
> ex-directory?  In the case of a telephone, it's because
> you have a single point of authority who will enforce
> your wishes.  In the case of the certificate servers,
> how does it get done?

> I'm not saying it shouldn't get done or that I wouldn't
> like it if it were done.  I'm only saying that, at
> present, it doesn't appear it *can* be done.

The user already has complete control over what string to use as their

There is nothing stopping anybody from publishing a key with
user-IDs such as


but there is no point without a mechanism for other users to
select that key from an email address (or a name).

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

Lotto: A tax on people who are bad at statistics!


More information about the Gnupg-users mailing list