hashed user IDs [was: Re: Security of the gpg private keyring?]

MFPA expires2011 at ymail.com
Sat Mar 12 19:05:28 CET 2011

Hash: SHA512


On Friday 11 March 2011 at 1:54:57 PM, in
<mid:4D7A29B1.4010706 at sixdemonbag.org>, Robert J. Hansen wrote:

> It is useful to quite a lot of people.  Look at how
> many people map out webs of trust for entirely innocent
> purposes.  In fact, mapping out webs of trust is
> necessary for the WoT idea to even work.  "Well, I've
> signed Frank's key and I see that Frank's signed
> Gianna's key, and I trust Frank so..."

The WoT can be mapped with or without names. In your example, how is
your trust enhanced by knowing Gianna's name? "I signed Frank's key
and I see that Frank's signed a key that has user ID
and I trust Frank so..."

How does the WoT idea require me to know the names or email addresses
associated with the keys in the trust path? The text strings in User
IDs do not feature in the trust calculation.

>> It's perfectly OK for me that you can see that I have
>> signed Ben's key but why should others know that?

> Because this is not an ORCON system.  The system is
> built around public certifications and private
> certifications.  You're talking about introducing an
> entirely new method, something which seems basically
> like an ORCON certification: "I'll make the
> certification, but I get to control who gets to learn
> about the certification."

That one sentence quoted in isolation from Hauke could be construed in
that way. But take into account the context and it becomes clear that
he was saying no such thing. A certification made by a key that had
hashed user IDs would be just as visible as any other certification.
What would not be visible (at least to people who didn't already know
it) is the identity and email address of the certifying key's owner.

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

A nod is as good as a wink to a blind bat!


More information about the Gnupg-users mailing list