hashed user IDs [was: Re: Security of the gpg private keyring?]

MFPA expires2011 at ymail.com
Sun Mar 6 14:12:11 CET 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Thursday 3 March 2011 at 12:33:27 AM, in
<mid:4D6EE1D7.2050707 at sixdemonbag.org>, Robert J. Hansen wrote:


> It's not a tangent at all, and for almost the exact
> reason you cite. You would say "it can easily be done."
> I would say, "it can easily be enforced."  I'm not
> seeing an effective enforcement mechanism here. Without
> that, I don't see how it can easily be done.

What would need to be enforced? If a user chose to use hashes when
creating their user-IDs, then all by themself without the need for any
enforcement mechanism they have obscured the data; somebody already in
possession of the data can compare hashes but somebody inspecting the
user-IDs cannot extract the information that is obscured.



> Basically what you're saying is, "I don't want other
> people to be able to publicly share data that I feel
> personally identifies me."  That's a perfectly
> understandable want, but you can't make data
> uncopyable. Digital information may be easily and near
> costlessly copied and shared: that's just its essential
> nature.

Precisely the point of using hashes in user-IDs: all that would be
available to copy and share is a hash of the data.



>> 3.      I have email addresses that you don't know.
>> These email addresses are readable from my key's user
>> IDs.         It is trivial for you to obtain these
>> email addresses.

>> 4.      I have email addresses that you don't know.
>> These email addresses are not readable from my key's
>> user IDs.         It is harder for you to obtain these
>> email addresses.

> I don't believe 4 is the case at all.  In this era of
> Facebook, Twitter, social media and people profligately
> sharing information, well... this seems a lot like
> locking up the barn after the cattle have run off.

Even if you consider the search to be trivial, it is still harder than
not needing to search. I deliberately used the comparative. Now I'm
just being a pedant. (-:



> You're begging the question: how does it get made
> ex-directory?  In the case of a telephone, it's because
> you have a single point of authority who will enforce
> your wishes.  In the case of the certificate servers,
> how does it get done?

> I'm not saying it shouldn't get done or that I wouldn't
> like it if it were done.  I'm only saying that, at
> present, it doesn't appear it *can* be done.


The user already has complete control over what string to use as their
user-ID.

There is nothing stopping anybody from publishing a key with
user-IDs such as

"b735ed0655b5a9017bc102f6b1799aa9959a3251
(55fbb2c0169d568bbd2ced25e1f47737e7ef3a34)
<529ed52d3ec1186584ec75109e732f9b9da3f12d>"

but there is no point without a mechanism for other users to
select that key from an email address (or a name).

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

Lotto: A tax on people who are bad at statistics!
-----BEGIN PGP SIGNATURE-----

iQE7BAEBCgClBQJNc4gwnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pgdgEALob
6wWg/GGyae8cHa9nl4eExBGTONpi+r+BITD735NZLm2FREVHvFisc7An7Ti9jLbU
lurAycbCQ5BXeR+V+b5UgxBVK5AOLa69nwAxL7eoESyZ+Lnzq4fuMNUnFd2vmEth
iI1QBknRG3qiiY3vnucpCgTI+Dy7VILR0ceREbgb
=Jimz
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list