"just invent something..."

Robert J. Hansen rjh at sixdemonbag.org
Thu May 21 18:48:01 CEST 2020

> First, let me mention that Web of Trust is to me not a useful public 
> key verification mechanism, as it is compromises my privacy.

Only if your sigs are exportable.  Local sigs are a perfectly legitimate
way to use the WoT.  If Alice locally signs Bob's certificate and sets
Bob up as a trusted introducer, Alice can benefit from Bob vouching for
Charlotte's certificate without revealing her identity to Charlotte --
or even the fact that she (Alice) even exists.

> But the question begs: is inventing false information the proper way 
> of preventing the leakage of personally identifiable information, 
> completely unnecessarily, via programs constructed by system 
> architects whose thinking about the privacy is stuck in the time long
> behind us?

The question is irrelevant.  OpenPGP allows you to use true identity
information, false information, or true information about a persona, or
false information about a persona, or a recipe for a nice habanero
salsa.  Do what's right for you, and understand that what's right for
you may well be different from what's right for others.

(Saute two thinly-sliced cloves of garlic in a little oil for a few
minutes until they start releasing the garlicky goodness.  Add a pinch
of ground cumin; saute another minute.  Add 500g finely-diced tomatoes
and their juices, one habanero finely-diced, cook over low heat for ten
minutes stirring constantly.  Once the tomatoes and peppers are
well-cooked, pour into a blender or food processor.  Add cilantro and
the juice of one lime, puree the mixture, pour into a bowl.  Decorate
with lime slices.  And here you thought this mailing list was only good
for nerd stuff...)

> The proper thing for gpg program to do would be to allow the 
> personally identifiable information in the key to be optional,

It already is.

> and to warn the user generating such key that he will not be able to
> participate in the Web of Trust.

But they can.

More information about the Gnupg-users mailing list