hashed user IDs [was: Re: Security of the gpg private keyring?]
mailinglisten at hauke-laging.de
Thu Mar 10 01:03:14 CET 2011
Am Mittwoch 09 März 2011 14:39:35 schrieb Robert J. Hansen:
> 2. To really gain benefit from this scheme, you must:
> (a) have a non-trivially-brute-forceable email address
> (b) want to be able to hide your email address
> 3. Deploying this scheme means:
> (a) people can no longer do fuzzy searches for email
> addresses ("show me all user IDs that look like this
> (b) finding people's certificates may be made more
> difficult due to (a)
> 4. My suspicion is the number of users covered by (2) is pretty small.
As we all know you love anecdotal evidence, here's mine: You are probably
right but consider two points:
1) Today there is no use in obeying the (2) rules. If such a feature is
implemented then those who are interested in using it will consider creating
new email addresses according to (2). Nonetheless the number of interested
users may be small (but increasing with increasing public attention to privacy
problems besides reading mail contents).
2) gpg offers a lot of features which I guess are used (and even known) by a
small share of its users. Nonetheless they got implemented. Obviously the main
argument is not the number of users but the quality of the software. There is
a whole section "Doing things one usually doesn't want to do." in the man
page. I guess it contains more than 80 options.
> My suspicion is the number of users impacted by (3) is pretty large.
I have never done that. I cannot iamagine why this should be important to
anyone. You know which email address you are going to write to, don't you?
OpenPGP should not prevent new features because somebody abuses the
infrastructure as a kind of address book.
More important: Not everyone is going to do this. Those people who regard it
important to protect their addresses and names really don't care about
convenience (if the alternative is omitting the feature).
It might make sense to print a warning if a user activates this hashing
feature for a UID with an email address which is obviously not brute force
And in contrast to Werner I do believe that signatures are going to kill the
spam problem one day. :-)
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 555 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users