hashed user IDs [was: Re: Security of the gpg private keyring?]
Robert J. Hansen
rjh at sixdemonbag.org
Thu Mar 10 14:34:13 CET 2011
On 3/10/2011 5:23 AM, Hauke Laging wrote:
> ]Those people who just want to protect their
> social connections by signing other keys without revealing their identity to
> those who don't know it already have no need to cover their target addresses
> because the marketing people and "just curious" normal ones are not capable of
> reading their email traffic. So there already is a use case.
You've just described the use case for a local certification.
Certifications come in two basic varieties: public and private. A
public certification is intended as an announcement to the world: "Hey,
world! I am [name] and I vouch for this certificate!"
If people want to make public pronouncements of social relationship, why
in the world would you want to deploy a technology that makes it
difficult to discover this social relationship?
This doesn't make any sense to me. Quite possibly I have completely
misunderstood what you're arguing.
More information about the Gnupg-users