hashed user IDs [was: Re: Security of the gpg private keyring?]
Hauke Laging
mailinglisten at hauke-laging.de
Sun Mar 13 01:21:19 CET 2011
Am Sonntag 13 März 2011 00:06:14 schrieb Robert J. Hansen:
> I mean, really, is that what you want to sell? Or should this be taken
> as a, "the idea of blinded UIDs is a good one, but this idea is
> inadequate and should be taken back to the drawing board"?
Your arguing pretends that somebody is to be fooled. That is not the case.
Nothing prevents gnupg (and I even suggested to do that) from warning that
this feature seems to just be used for an email address which is does not make
sense to be used with (for the reason you explained very convincingly).
When offering this feature it should be clearly said that it not worth much
for most existing addresses. It isn't, too, for new addresses which are
simple. As a user you should decide to take both or none: a safe email address
and a safe UID or a normal address and a normal UID.
This would not be snake oil. But a tool that requires certain knowledge and
awareness. Just as today's gnupg itself.
Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110313/39f04573/attachment.pgp>
More information about the Gnupg-users
mailing list