hashed user IDs [was: Re: Security of the gpg private keyring?]
expires2011 at ymail.com
Sun Mar 6 14:12:11 CET 2011
-----BEGIN PGP SIGNED MESSAGE-----
On Thursday 3 March 2011 at 12:33:27 AM, in
<mid:4D6EE1D7.2050707 at sixdemonbag.org>, Robert J. Hansen wrote:
> It's not a tangent at all, and for almost the exact
> reason you cite. You would say "it can easily be done."
> I would say, "it can easily be enforced." I'm not
> seeing an effective enforcement mechanism here. Without
> that, I don't see how it can easily be done.
What would need to be enforced? If a user chose to use hashes when
creating their user-IDs, then all by themself without the need for any
enforcement mechanism they have obscured the data; somebody already in
possession of the data can compare hashes but somebody inspecting the
user-IDs cannot extract the information that is obscured.
> Basically what you're saying is, "I don't want other
> people to be able to publicly share data that I feel
> personally identifies me." That's a perfectly
> understandable want, but you can't make data
> uncopyable. Digital information may be easily and near
> costlessly copied and shared: that's just its essential
Precisely the point of using hashes in user-IDs: all that would be
available to copy and share is a hash of the data.
>> 3. I have email addresses that you don't know.
>> These email addresses are readable from my key's user
>> IDs. It is trivial for you to obtain these
>> email addresses.
>> 4. I have email addresses that you don't know.
>> These email addresses are not readable from my key's
>> user IDs. It is harder for you to obtain these
>> email addresses.
> I don't believe 4 is the case at all. In this era of
> Facebook, Twitter, social media and people profligately
> sharing information, well... this seems a lot like
> locking up the barn after the cattle have run off.
Even if you consider the search to be trivial, it is still harder than
not needing to search. I deliberately used the comparative. Now I'm
just being a pedant. (-:
> You're begging the question: how does it get made
> ex-directory? In the case of a telephone, it's because
> you have a single point of authority who will enforce
> your wishes. In the case of the certificate servers,
> how does it get done?
> I'm not saying it shouldn't get done or that I wouldn't
> like it if it were done. I'm only saying that, at
> present, it doesn't appear it *can* be done.
The user already has complete control over what string to use as their
There is nothing stopping anybody from publishing a key with
user-IDs such as
but there is no point without a mechanism for other users to
select that key from an email address (or a name).
MFPA mailto:expires2011 at ymail.com
Lotto: A tax on people who are bad at statistics!
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
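The selection mechanism the message says is missing, sketched as an added example (not part of the original post and not a GnuPG feature). The `sha256:<hex>` user-ID form, the normalisation rule, the key IDs and the addresses are all assumptions constructed for illustration.

```python
import hashlib

PREFIX = "sha256:"  # hypothetical marker for a hashed user-ID (assumption)


def normalise(address: str) -> str:
    """Canonical form that publisher and searcher must both hash (assumed rule)."""
    return address.strip().lower()


def hashed_uid(address: str) -> str:
    """User-ID string that carries only a hash of the address."""
    digest = hashlib.sha256(normalise(address).encode("utf-8")).hexdigest()
    return PREFIX + digest


def select_keys(keyring: dict, address: str) -> list:
    """Return IDs of keys with a hashed user-ID matching a known address."""
    wanted = hashed_uid(address)
    return [key_id for key_id, uids in keyring.items() if wanted in uids]


def readable_uids(keyring: dict) -> list:
    """What someone merely inspecting the user-IDs can read: plain ones only."""
    return sorted(
        uid for uids in keyring.values() for uid in uids
        if not uid.startswith(PREFIX)
    )


# Constructed sample keyring: key IDs and addresses are made up.
KEYRING = {
    "KEY-A": [hashed_uid("alice@example.org")],
    "KEY-B": ["Bob <bob@example.org>", hashed_uid("bob.private@example.net")],
}

if __name__ == "__main__":
    # A correspondent who already holds the address can select the key.
    print(select_keys(KEYRING, " Alice@Example.ORG "))
    # An address nobody published a hash for selects nothing.
    print(select_keys(KEYRING, "carol@example.org"))
    # Inspection of the keyring reveals only the plain user-ID.
    print(readable_uids(KEYRING))
```

As the message notes, anyone who already holds an address can confirm it against the hash; the hash hides only addresses the inspector does not already have.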