hashed user IDs [was: Re: Security of the gpg private keyring?]

Robert J. Hansen rjh at sixdemonbag.org
Sat Mar 12 21:22:06 CET 2011

On 3/12/2011 1:05 PM, MFPA wrote:
> How does the WoT idea require me to know the names or email addresses
> associated with the keys in the trust path? The text strings in User
> IDs do not feature in the trust calculation.

Yes, in fact, they do.

In my past, there's an ex-CEO whom I'll just call "Ben."  Ben made some
really astonishingly bad decisions that put him in prison for eighteen
months, and left me with a permanent distrust for him.  If I see Frank
has signed Ben's certificate, and I trust Frank, am I going to trust Ben?

Of course not.

Trust is not transitive.  If A trusts B and B trusts C, there is no
requirement that A trusts C.  In fact, if it turns out A knows C,
transitivity can break completely.

> What would not be visible (at least to people who didn't already know
> it) is the identity and email address of the certifying key's owner.

So far, you haven't produced a mechanism that will do this.  We're still
at the "it would be nice if..." stage of your idea.  Thus, I really
can't respond to statements of what this mechanism would or wouldn't do,
since we don't have a mechanism to analyze.
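The point that trust does not propagate along a signature chain can be made concrete with a toy model of how GnuPG derives key validity. The code below is an added example and is not from this thread or from GnuPG itself; it keeps only the default thresholds (one fully trusted signer or three marginally trusted signers make a key valid, checked to a fixed certification depth) and uses constructed key names. The thing to watch is that `ownertrust` is an input the keyholder supplies per key and is never computed from the graph, so a key can become valid through Frank's signature while its signatures still count for nothing until the user decides, knowing who Ben is, to assign him trust.

```python
"""Toy model of the GnuPG Web of Trust validity calculation (added example,
not from the mailing-list thread and not GnuPG's own code).

Simplified on purpose: only the default thresholds (1 full or 3 marginal
signers make a key valid) and a fixed certification-depth cap. Validity
flows along signatures; ownertrust is a per-key decision supplied by the
user and never propagates. All key names are constructed.
"""

FULL, MARGINAL, UNKNOWN = "full", "marginal", "unknown"
COMPLETES_NEEDED = 1   # GnuPG default --completes-needed
MARGINALS_NEEDED = 3   # GnuPG default --marginals-needed
MAX_CERT_DEPTH = 5     # GnuPG default --max-cert-depth


def compute_validity(signatures, ownertrust, ultimate):
    """Return {key: bool} giving which keys are valid.

    signatures: dict key -> set of keys that certified it.
    ownertrust: dict key -> FULL / MARGINAL / UNKNOWN, assigned by the user.
    ultimate:   set of the user's own keys; always valid and fully trusted.
    """
    valid = set(ultimate)
    # Each pass extends validity one certification step further.
    for _ in range(MAX_CERT_DEPTH):
        newly_valid = set()
        for key, signers in signatures.items():
            if key in valid:
                continue
            full_sigs = marginal_sigs = 0
            for signer in signers:
                if signer not in valid:
                    continue  # a signature from an invalid key counts for nothing
                trust = FULL if signer in ultimate else ownertrust.get(signer, UNKNOWN)
                if trust == FULL:
                    full_sigs += 1
                elif trust == MARGINAL:
                    marginal_sigs += 1
            if full_sigs >= COMPLETES_NEEDED or marginal_sigs >= MARGINALS_NEEDED:
                newly_valid.add(key)
        if not newly_valid:
            break
        valid |= newly_valid
    return {k: (k in valid) for k in set(signatures) | set(ultimate)}


def chain_demo():
    """me -> frank -> ben -> carol, with ownertrust assigned only to Frank.

    Ben's key is valid (Frank fully trusted, Frank signed it), yet Carol's is
    not: Ben's ownertrust is unknown, so Ben's signature confers nothing.
    Only after the user explicitly trusts Ben does Carol become valid.
    """
    sigs = {"frank": {"me"}, "ben": {"frank"}, "carol": {"ben"}}
    before = compute_validity(sigs, {"frank": FULL}, {"me"})
    after = compute_validity(sigs, {"frank": FULL, "ben": FULL}, {"me"})
    return before, after


def marginal_demo():
    """Three marginally trusted signers are needed; two are not enough."""
    sigs = {"a": {"me"}, "b": {"me"}, "c": {"me"}, "d": {"a", "b", "c"}}
    three = compute_validity(sigs, {"a": MARGINAL, "b": MARGINAL, "c": MARGINAL}, {"me"})
    two = compute_validity(sigs, {"a": MARGINAL, "b": MARGINAL}, {"me"})
    return three["d"], two["d"]


if __name__ == "__main__":
    before, after = chain_demo()
    print("without trusting Ben:", before)
    print("after trusting Ben:  ", after)
    print("marginal demo (3 signers, 2 signers):", marginal_demo())
```

Running it shows Carol's key flipping from invalid to valid solely because the user changed Ben's ownertrust by hand; nothing in the signature graph made that decision for them.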
