"just invent something..."
sac at 300baud.de
Thu May 21 19:51:16 CEST 2020
Robert J. Hansen wrote:
> > First, let me mention that Web of Trust is to me not a useful
> > public key verification mechanism, as it is compromises my privacy.
> Only if your sigs are exportable. Local sigs are a perfectly
> legitimate way to use the WoT. If Alice locally signs Bob's
> certificate and sets Bob up as a trusted introducer, Alice can
> benefit from Bob vouching for Charlotte's certificate without
> revealing her identity to Charlotte -- or even the fact that she
> (Alice) even exists.
> > But the question begs: is inventing false information the proper
> > way of preventing the leakage of personally identifiable
> > information, completely unnecessarily, via programs constructed by
> > system architects whose thinking about the privacy is stuck in the
> > time long behind us?
> The question is irrelevant. OpenPGP allows you to use true identity
> information, false information, or true information about a persona,
> or false information about a persona, or a recipe for a nice habanero
> salsa. Do what's right for you, and understand that what's right for
> you may well be different from what's right for others.
> (Saute two thinly-sliced cloves of garlic in a little oil for a few
> minutes until they start releasing the garlicky goodness. Add a pinch
> of ground cumin; saute another minute. Add 500g finely-diced tomatoes
> and their juices, one habanero finely-diced, cook over low heat for
> ten minutes stirring constantly. Once the tomatoes and peppers are
> well-cooked, pour into a blender or food processor. Add cilantro and
> the juice of one lime, puree the mixture, pour into a bowl. Decorate
> with lime slices. And here you thought this mailing list was only
> good for nerd stuff...)
> > The proper thing for gpg program to do would be to allow the
> > personally identifiable information in the key to be optional,
> It already is.
> > and to warn the user generating such key that he will not be able to
> > participate in the Web of Trust.
> But they can.
I miss dkg here on the ML ...
Signal (Desktop) +4915172173279
More information about the Gnupg-users