hashed user IDs

Jerome Baum jerome at jeromebaum.com
Tue Mar 22 16:08:36 CET 2011


Hauke Laging <mailinglisten at hauke-laging.de> writes:

> Or does anyone really claim that a relevant amount of new gnupg users
> has a clue about the need of protecting the secret keys which are
> usually stored in rather unsafe environments? I assume that most new
> users believe: "Great technology. Now my data is really safe."

I agree with this mostly, however:

> Being consequent gpg without --expert should ask during each key generation:

> 1) Are you REALLY sure you don't want to create this key on a smartcard?

> 2) You are running Windows / X / have network access / a kernel older than 
> four days. Are you REALLY sure you want to create a key in THIS environment?

That's a bad exaggeration. We shouldn't be the ones choosing what is
"secure enough" and we shouldn't nag the user either (what a hindrance to
adoption). I could be REALLY sure I don't want to create _this_ key on a
smart-card if a smart-card is overkill in my context.

Would you consider the ability to create a key on-disk to be a feature?
A lot of people (myself included) would. Forcing people to use a
smart-card wouldn't be accepted, and neither should forcing people to
not use hashed uids. It's a feature -- whether you choose to use it or
not, that's up to you.

Now if you were sarcastic, that's a different matter altogether. I also
like pink elephants!

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA