hashed user IDs [was: Re: Security of the gpg private keyring?]

Ben McGinnes ben at adversary.org
Sun Mar 13 06:48:55 CET 2011


On 13/03/11 6:37 AM, MFPA wrote:
> 
> Whatever you do with user IDs is optional, since they are just a
> free-text field. And of course a user wanting to make their key
> match more searches could include extra UIDs with additional
> hashes. For example John Smith <john.smith573 at example.com> could
> include hashes of example.com and of john.smith. In any event,
> including the information in hashed form should make the key more
> likely to be found than if the info were not there at all.

I think you're assuming a level of innate understanding of what can be
done with every part of a UID by every user when they create a key.
This is most definitely not the case.

> If there was a point there other than curiosity value, it went way
> over my head.  (-:

That was an example.  The point was being able to determine, to some
extent, the degree of OpenPGP use in Australian politics and the civil
service.  In the case of that minister, I knew the rest of his party
used it because I know they were using a corporate version of PGP in
2000 or 2001.  The two major parties over here have always had some
interesting interactions online (ever since a scandal involving a
staffer of one providing information to "hack" the website of the
other in 1998).

Currently I can run "gpg --search-keys aph.gov.au" and get the keys
for everyone who has one in Parliament House (most of them are civil
servants, only two or three are politicians).  With hashed UIDs,
unless the person generating the hash specifies additional hashes to
be included then that will cease to work.

As much as I find your idea interesting, I think I'd rather have the
ability to search on sections of a UID.  If I ever want to be
contacted in a way that is separate from my name, then I'll just go to
the effort of creating a new key with a pseudonym and relevant mail
drop.

If your hashed UID were an optional feature that were not enabled by
default, I doubt I would object, but I think the current use of UIDs
has value that I would not want to see superceded by the hashed
version.


Regards,
Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110313/8b363cb3/attachment-0001.pgp>


More information about the Gnupg-users mailing list