hashed user IDs redux [was: Re: Creating a key bearing no user ID]

John Clizbe John at enigmail.net
Fri Jan 27 02:10:08 CET 2012


Doug Barton wrote:
> On 01/26/2012 15:41, MFPA wrote:
>> The use of the word "harvesting" in this context suggests to me a
>> concern about spamming rather than about privacy. And I would like
>> the ability to protect my name as well as (or instead of) my email
>> address.
> 
> As I said the last time you brought this up .... put whatever you like
> in the name and e-mail fields, and notify the people you communicate
> with of what's there, and the fingerprint of the key. They can then
> set up rules in their e-mail client that when they communicate with
> you via e-mail address foo that they should use key bar. You're done.
> 
> There is no software modification needed to accomplish what you want
> to do.

DING! DING! DING! DING! We have a winner!

You do not wish your name or email address in a certificate's UID,
THEN DON'T PUT IT IN. Feed whatever text you wish through the hashing algorithm
of your choice and use that. Bang! You're done.

Just do it. OpenPGP and the software involved do not need any changes.
And as Rob pointed out, any changes would have a difficult time getting accepted.

-- 
John P. Clizbe                      Inet:John ( a ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"



More information about the Gnupg-users mailing list