"just invent something..."

Stefan Claas sac at 300baud.de
Thu May 21 19:51:16 CEST 2020

Robert J. Hansen wrote:
> > First, let me mention that Web of Trust is to me not a useful
> > public key verification mechanism, as it is compromises my privacy.
> Only if your sigs are exportable.  Local sigs are a perfectly
> legitimate way to use the WoT.  If Alice locally signs Bob's
> certificate and sets Bob up as a trusted introducer, Alice can
> benefit from Bob vouching for Charlotte's certificate without
> revealing her identity to Charlotte -- or even the fact that she
> (Alice) even exists.
> > But the question begs: is inventing false information the proper
> > way of preventing the leakage of personally identifiable
> > information, completely unnecessarily, via programs constructed by
> > system architects whose thinking about the privacy is stuck in the
> > time long behind us?
> The question is irrelevant.  OpenPGP allows you to use true identity
> information, false information, or true information about a persona,
> or false information about a persona, or a recipe for a nice habanero
> salsa.  Do what's right for you, and understand that what's right for
> you may well be different from what's right for others.
> (Saute two thinly-sliced cloves of garlic in a little oil for a few
> minutes until they start releasing the garlicky goodness.  Add a pinch
> of ground cumin; saute another minute.  Add 500g finely-diced tomatoes
> and their juices, one habanero finely-diced, cook over low heat for
> ten minutes stirring constantly.  Once the tomatoes and peppers are
> well-cooked, pour into a blender or food processor.  Add cilantro and
> the juice of one lime, puree the mixture, pour into a bowl.  Decorate
> with lime slices.  And here you thought this mailing list was only
> good for nerd stuff...)
> > The proper thing for gpg program to do would be to allow the 
> > personally identifiable information in the key to be optional,
> It already is.
> > and to warn the user generating such key that he will not be able to
> > participate in the Web of Trust.
> But they can.

I miss dkg here on the ML ...


Signal (Desktop) +4915172173279

More information about the Gnupg-users mailing list