hashed user IDs [was: Re: Security of the gpg private keyring?]

Robert J. Hansen rjh at sixdemonbag.org
Fri Mar 11 14:54:57 CET 2011

On 3/10/2011 3:09 PM, Hauke Laging wrote:
> That's the technical situation today. But it is no use to announce
> that to the whole world.

(Did you mean "not necessary" instead of "no use"?)

It is useful to quite a lot of people.  Look at how many people map out
webs of trust for entirely innocent purposes.  In fact, mapping out webs
of trust is necessary for the WoT idea to even work.  "Well, I've signed
Frank's key and I see that Frank's signed Gianna's key, and I trust
Frank so..."

> It is required only for those people who use your signature in a 
> validation chain.

How do you propose determining who really needs those signatures for
validation purposes and who doesn't?  And once you've made that
determination, how do you enforce it?

Those are the two major, outstanding questions, and so far I've not seen
any serious attempts at answering them.  It seems this discussion is
stuck at the stage of "it would be nice if we all had ponies," without
any real answers to questions of "so where will we get the real estate
to house the ponies?" and "who among us is an equine veterinarian?"

> b) nobody who really wants to inform the whole world is in any way
> affected in doing that.

I don't know how to respond to this: since we don't have a workable
proposal for how to accomplish your objectives, we also can't discuss
how your proposal will affect existing users.

> It's perfectly OK for me that you can see that I have signed Ben's
> key but why should others know that?

Because this is not an ORCON system.  The system is built around public
certifications and private certifications.  You're talking about
introducing an entirely new method, something which seems basically like
an ORCON certification: "I'll make the certification, but I get to
control who gets to learn about the certification."

More information about the Gnupg-users mailing list