hashed user IDs [was: Re: Security of the gpg private keyring?]

Ben McGinnes ben at adversary.org
Thu Mar 10 12:24:29 CET 2011

On 10/03/11 12:46 AM, Hauke Laging wrote:
> There are several advantages:
> 1) You don't reveal the social connections by signing keys. If you
> want to validate a key by its signatures and see a signature of an
> unknown key then there is (IMHO) no reason why you should know who
> has certified this key. This information can easily be abused. The
> perfect web of trust would be the perfect source of information
> which should be considered private (who knows whom). This problem is
> hardly reduced by the fact that there are signatures (from key
> signing parties) from people without real social or commercial
> contact.

I can certainly see where a number of people would be interested in
this aspect, while those people wishing to publicly announce that
they've signed particular keys can do so by not utilising the hashing.

> 2) For people in countries where authorities' rights and actions are
> not as easily ruled unconstitutional like in Germany (or not at all)
> it is useful if not only the content of their communication is
> hidden but also the identity of the communication partners (even of
> those in free countries). This is, of course, more complex than
> hashing a key ID, thus I am not sure how important this feature
> would be (as you have to hide the partner's email address or the
> connection to the identity and these email addresses have both to be
> kept secret (because you can easily hash all "publicly available"
> addresses) and to be complex enough not to be guessed; this may
> result in greatnesses like sqq8ctpmbf81yucw8nzwbaod at hauke-laging.de).

This, can only really work for the identities associated with a given
key.  At the end of the day, Alice still has to send an email to Bob
and a truly determined adversary who can intercept that email can at
least derive the key IDs the message is encrypted to.  Unless that
(incredibly annoying) feature of checking all secret keys is enabled,
of course.  I've forgotten what the option is called.

> In general it is useful for a web of trust to have long living
> keys. Email addresses are more easily changed than keys.

Yeah, well, I got so sick of changing my email address that I got my
own domain name (no, that wasn't the only reason).

> 3) You prevent spammers from using keyservers as a source. Yes, I am
> aware that certain people on this list don't accept this as an
> argument (for different reasons). The most important point for this
> question is probably that the infrastructure has to be safe BEFORE
> it gets so big that it becomes interesting for spammers.

With the way most spammers operate, I think this is of little effect
until such a time as the majority of global email users have keys on
the keyservers.  Most spammers just generate usernames at a target
domain name.  At least that's what my Postfix logs indicate.

>> Another reason why we all love Germany now.  ;)
> According to a new study it has the best worldwide image of all
> relevant countries worldwide. However. :-)

There's nothing quite like an unnamed report to back up a nebulous
claim.  It's probably right, though, albeit only because Iceland is so
bloody cold.  ;)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110310/5368ec09/attachment.pgp>

More information about the Gnupg-users mailing list