hashed user IDs [was: Re: Security of the gpg private keyring?]

Robert J. Hansen rjh at sixdemonbag.org
Thu Mar 10 14:34:13 CET 2011


On 3/10/2011 5:23 AM, Hauke Laging wrote:
> ]Those people who just want to protect their 
> social connections by signing other keys without revealing their identity to 
> those who don't know it already have no need to cover their target addresses 
> because the marketing people and "just curious" normal ones are not capable of 
> reading their email traffic. So there already is a use case.

You've just described the use case for a local certification.

Certifications come in two basic varieties: public and private.  A
public certification is intended as an announcement to the world: "Hey,
world!  I am [name] and I vouch for this certificate!"

If people want to make public pronouncements of social relationship, why
in the world would you want to deploy a technology that makes it
difficult to discover this social relationship?

This doesn't make any sense to me.  Quite possibly I have completely
misunderstood what you're arguing.



More information about the Gnupg-users mailing list