hashed user IDs [was: Re: Security of the gpg private keyring?]

MFPA expires2011 at ymail.com
Sat Mar 12 20:37:33 CET 2011



Hi


On Thursday 10 March 2011 at 2:58:32 AM, in
<mid:4D783E58.5090205 at adversary.org>, Ben McGinnes wrote:


> I have.  Many, many times.  There's no point doing it
> for a free email service provider's domain (e.g.
> gmail.com), but sometimes there are advantages in
> checking for keys belonging to people at particular
> organisations (e.g. government departments).  This is
> one of the reasons why I'd prefer MFPA's suggestion,
> were it ever implemented, to be optional rather than
> the default.

Whatever you do with user IDs is optional, since they are just a
free-text field. And of course a user wanting to make their key match
more searches could include extra UIDs with additional hashes. For
example John Smith <john.smith573 at example.com> could include hashes of
example.com and of john.smith. In any event, including the information
in hashed form should make the key more likely to be found than if the
info were not there at all.



> If that feature weren't available, I doubt I would've
> found this:

> pub   1024D/B3F77236 2000-09-21
> uid   Stephen Smith <stephen.smith.mp at aph.gov.au>
> sub   2048g/0E0EEE5F 2000-09-21

> Stephen Smith was in Opposition when he made that key,
> but now he's Minister of Defence.

If there was a point there other than curiosity value, it went way
over my head.  (-:



--
Best regards

MFPA                    mailto:expires2011 at ymail.com

COMMITTEE: A body that keeps minutes and wastes hours.
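
The hashed-UID idea discussed in this message, as an added sketch that is not part of the original post and not a GnuPG or keyserver feature. SHA-256, the `sha256:` prefix, the function names and the key labels are all assumptions, and the keyring is constructed sample data.

```python
import hashlib

PREFIX = "sha256:"  # assumed marker for a hashed UID; the thread defines no format


def normalise(term):
    """Hashes only match on identical input, so fold case and whitespace first."""
    return term.strip().lower()


def hash_term(term):
    return PREFIX + hashlib.sha256(normalise(term).encode("utf-8")).hexdigest()


def hashed_uids(address, extra_terms=()):
    """Build the UID strings a key owner would publish instead of the address.

    The full address and its domain are always included; extra_terms lets the
    owner add more searchable handles, such as "john.smith" for
    john.smith573@example.com.
    """
    address = normalise(address)
    domain = address.rpartition("@")[2]
    terms = [address, domain] + [normalise(t) for t in extra_terms]
    # dict.fromkeys drops duplicates while keeping the order
    return [hash_term(t) for t in dict.fromkeys(terms)]


def search(keyring, query):
    """Return the keys carrying a hashed UID equal to the hash of the query."""
    wanted = hash_term(query)
    return sorted(key for key, uids in keyring.items() if wanted in uids)


# Constructed sample keyring: key label -> published hashed UIDs
KEYRING = {
    "KEY-A": hashed_uids("john.smith573@example.com", ["john.smith"]),
    "KEY-B": hashed_uids("jane.doe@example.org"),
}

if __name__ == "__main__":
    for query in ("example.com", "John.Smith", "john", "example.org"):
        print(query, "->", search(KEYRING, query))
```

Matching is exact only: `john` finds nothing because only whole terms were hashed, which is why the owner has to choose which extra hashes to publish. Anyone who already knows or guesses a term such as a domain can confirm it by hashing it, which is the same property that makes the search work.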



