hash email addresses / directory privacy enhancement

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Tue Apr 29 20:58:35 CEST 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Tuesday 29 April 2014 at 7:18:40 PM, in
<mid:20140429181840.457E7A03A0 at smtp.hushmail.com>, vedaal at nym.hush.com
wrote:


> When a person generates a new key, the e-mail required
> by gnupg for key generation, can be listed as something
> benign such as name at my.keys

Or, IMHO better still, left blank. Although I would prefer the ability
to include it hashed.



> so the question becomes;

> "If the key is accessible by the fingerprint and key
> name, and people consider the fingerprint the most
> trustable identifier of the key, and an attacker cannot
> forge a key with the same fingerprint, then why is it
> necessary to have the e-mail address on the keyserver
> at all?



I think it is more a convenience than a necessity. But it became a de
facto standard, which the writers of some email software have relied
upon to select encryption keys by email address.

- --
Best regards

MFPA                    mailto:2014-667rhzu3dc-lists-groups at riseup.net

Of course it's a good idea - it's mine!
-----BEGIN PGP SIGNATURE-----

iPQEAQEKAF4FAlNf9mJXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
N0VDQTAzAAoJEKipC46tDG5pNoED/3670bloe3SMow42GKhkZ2ZF2KIk/ZizmczJ
B0rl9rNWOlvqCqwACE3WrpyhiD0drwWy8ho4koPpqVm1IpAClH9c2UKj5TOkcoiv
yl8LzscfvuIIiee/xNIH/Uq0s5DDBECharMyiL264v9bKvM0l8QRcA96B5mKiMek
CUE/fnyX
=IB77
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list