hash email addresses / directory privacy enhancement
2014-667rhzu3dc-lists-groups at riseup.net
Tue Apr 29 20:58:35 CEST 2014
-----BEGIN PGP SIGNED MESSAGE-----
On Tuesday 29 April 2014 at 7:18:40 PM, in
<mid:20140429181840.457E7A03A0 at smtp.hushmail.com>, vedaal at nym.hush.com
> When a person generates a new key, the e-mail required
> by gnupg for key generation, can be listed as something
> benign such as name at my.keys
Or, IMHO better still, left blank. Although I would prefer the ability
to include it hashed.
> so the question becomes;
> "If the key is accessible by the fingerprint and key
> name, and people consider the fingerprint the most
> trustable identifier of the key, and an attacker cannot
> forge a key with the same fingerprint, then why is it
> necessary to have the e-mail address on the keyserver
> at all?
I think it is more a convenience than a necessity. But it became a de
facto standard, which the writers of some email software have relied
upon to select encryption keys by email address.
MFPA mailto:2014-667rhzu3dc-lists-groups at riseup.net
Of course it's a good idea - it's mine!
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users