hashed user IDs [was: Re: Security of the gpg private keyring?]

Hauke Laging mailinglisten at hauke-laging.de
Sun Mar 13 01:21:19 CET 2011


Am Sonntag 13 März 2011 00:06:14 schrieb Robert J. Hansen:

> I mean, really, is that what you want to sell?  Or should this be taken
> as a, "the idea of blinded UIDs is a good one, but this idea is
> inadequate and should be taken back to the drawing board"?

Your arguing pretends that somebody is to be fooled. That is not the case. 
Nothing prevents gnupg (and I even suggested to do that) from warning that 
this feature seems to just be used for an email address which is does not make 
sense to be used with (for the reason you explained very convincingly).

When offering this feature it should be clearly said that it not worth much 
for most existing addresses. It isn't, too, for new addresses which are 
simple. As a user you should decide to take both or none: a safe email address 
and a safe UID or a normal address and a normal UID.

This would not be snake oil. But a tool that requires certain knowledge and 
awareness. Just as today's gnupg itself.


Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110313/39f04573/attachment.pgp>


More information about the Gnupg-users mailing list