hashed user IDs [was: Re: Security of the gpg private keyring?]

MFPA expires2011 at ymail.com
Mon Mar 21 00:40:03 CET 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Sunday 20 March 2011 at 6:31:49 PM, in
<mid:4D864815.6020205 at adversary.org>, Ben McGinnes wrote:


> On 20/03/11 1:52 PM, MFPA wrote:
>> Whether on a keyserver or on your local keyring, I see
>> little difference.

> Which just shows how your use differs with that of
> others.  I have a number of keys on my keyring and when
> I list them I like to see which key belongs to which
> identity/account (I don't care if it's a real name or
> not, just as long as I can see something that makes
> sense to me).  Hashed IDs, depending on how common they
> became, would make this and key management difficult.

All fair enough but the reason I see little difference between
personal information being on other people's local keyrings or on
keyservers is covered in the next sentence, which you agreed with.



>> Keys that exist on local keyrings sooner or later tend
>> to end up on keyservers.

> True.

>> The first two or three times I looked at PGP and
>> GnuPG, I found the apparent requirement to include
>> personal information in user IDs repulsive and
>> therefore moved on without any further study. A
>> feature such as this might have attracted me to study
>> further and maybe adopt sooner.

> No offence, but I think this is more a lack of
> imagination.  I think my second key ever used a
> pseudonym with no email address or comment and it was
> made the same day as my first one.

No offence taken. When I eventually looked into it I realised the
requirement for including the email address, although strongly
suggested by most descriptions and how-to articles I found, was not
real. One of the first keys I created was the one use to I sign these
messages; the <a at b.c> is because whatever PGP version I was using
wouldn't create a key without an "email address" of
string at string.string and I was unaware of example.net at the time.



- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

Is it bad luck to be superstitious?
-----BEGIN PGP SIGNATURE-----

iQE7BAEBCgClBQJNhpBfnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pILYD/iCq
cplQC5D1+3RVeOO/w08C3haZyEOcCP7f8nQwZ8+qKczsWzpES6vUIKmy6NavawQZ
GFWAJv2paLAtoH8rNencYVx1w0pOooimGMZ7bLL7ShgiljkeUz1ESOvXO+V2iE2Y
wj8Re258FTkIVhvhWjjqQAF9UH8AQmXOEbyAip19
=meYo
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list