<html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>> Uh -- how? <br/>
<br/>
Because I have associate not only my real name,<br/>
but also my working email, and it is listed in my<br/>
company's home page. If people are trying to<br/>
follow you, they are not going with presumption of<br/>
innocence, and too many things can help them<br/>
justify their doubt -- such as your Timezone,<br/>
language style, grammar and spell error. To make<br/>
is worse, I was working in a very small industry<br/>
and there is only 3 company provide such service,<br/>
and I talked a lot about it in the past with my<br/>
online identity.<br/>
<br/>
> This is a total dick move. Don't do this. You'll <br/>
> make yourself a lot of enemies<br/>
<br/>
I do not have to pick any real name, at least not<br/>
from any pgp user. I can just use a fake name<br/>
generator, put those names under my company's<br/>
domain, or just add my colleague's email to it --<br/>
they will never notice. Even if they do, they can<br/>
only see their UID under a revoked key, and it<br/>
looks just like other ancient garbage keys in the<br/>
server. I will try to make it as harmless as<br/>
possible. <br/>
<br/>
The only problem is how the pgp key server <br/>
handles 2 public keys with duplicated<br/>
timestamp. If I can not insert some fake UIDs<br/>
before my real one, the whole thing will be <br/>
pointless.
<div>
<div name="quote" style="margin:10px 5px 5px 10px; padding: 10px 0 10px 10px; border-left:2px solid #C3D9E5; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="margin:0 0 10px 0;"><b>Sent:</b> Monday, January 15, 2018 at 3:13 PM<br/>
<b>From:</b> "Robert J. Hansen" <rjh@sixdemonbag.org><br/>
<b>To:</b> gnupg-users@gnupg.org<br/>
<b>Subject:</b> Re: Hide UID From Public Key Server By Poison Your Key?</div>
<div name="quoted-content">> Let's say, you have accidentally associated your<br/>
> real name to the key under your online name and<br/>
> upload it to public key server, which allows<br/>
> anyone to connect your online identity to the<br/>
> person in real life.<br/>
<br/>
Uh -- how?<br/>
<br/>
There is no mechanism in the keyserver to do this. That's why you have<br/>
to validate certificates you receive from the keyserver. The fact<br/>
there's a UID named "Robert J. Hansen <rjh@sixdemonbag.org>" on key<br/>
0xB44427C7 provides you with precisely *zero* evidence that I'm Rob<br/>
Hansen or that Rob Hansen even exists. For all you know my name is<br/>
Maurice Micklethorpe.<br/>
<br/>
> Since you can never remove<br/>
> anything from the public key server, You are<br/>
> wondering if you can add something to it -- for<br/>
> example, add another 100 of UIDs with other<br/>
> people's real name and emails so people can not<br/>
> find out which one is yours, and append another<br/>
> 100 of digital signature so people get tired<br/>
> before figure out which one is from valid user.<br/>
<br/>
I rarely use language like this, but this time I think it's warranted:<br/>
<br/>
This is a total dick move. Don't do this. You'll make yourself a lot<br/>
of enemies, and if you pick the wrong real names and emails, some of<br/>
those people are pretty damn good at figuring out what's going on.<br/>
<br/>
Don't put real names and emails belonging to other people on your cert.<br/>
It's *rude*. If someone goes looking for "Robert J. Hansen<br/>
<rjh@sixdemonbag.org>" I want them to see one cert is newest and I want<br/>
them to use that one. If you go about putting my name and email address<br/>
on your cert, I'm going to get cross.<br/>
<br/>
Again: this is a total dick move. Don't do this.<br/>
<br/>
_______________________________________________<br/>
Gnupg-users mailing list<br/>
Gnupg-users@gnupg.org<br/>
<a href="http://lists.gnupg.org/mailman/listinfo/gnupg-users" target="_blank">http://lists.gnupg.org/mailman/listinfo/gnupg-users</a></div>
</div>
</div>
</div></div></body></html>