On 2/26/10 10:53 AM, MFPA wrote: > There are privacy issues, especially if user-ids on the key contain > email addresses.
This isn't persuasive. It's been hammered out tons of times, and no one has ever presented a strong argument for keeping email addresses secret. Usually the same arguments are marshaled against it again and again, and those are the same arguments that have not been persuasive. > In some cases, the authorities knowing an individual used encryption > could be a problem. Why? Because they have a key on the keyservers? If this is what you're worried about, rest easy: there are so many easier ways to learn whether someone uses encrypted email that I can't imagine competent law-enforcement searching the keyservers. For instance, in the United States the authorities can get your email headers without a warrant. That means to, from, subject, routing information, and all the kluges. Check the kluges on this email and I'm pretty sure you'll see kluges related to Enigmail. Presto, at that point people know I'm using a crypto-aware MTA. Investigators also don't develop very many leads based on "gee, this person uses crypto." Many more leads are developed based on kludge investigation -- what security geeks call "traffic analysis." If they nab a child pornographer and discover that you always emailed him between one and three days before the child pornographer uploaded a new set of images, well... that's the kind of interesting coincidence which will start a federal investigation. The fact you have a crypto key, not so much. > There is the issue of controlling the image that is portrayed by the > signatures on your key. That image can only be portrayed if the viewers are ignorant of how the WoT works. What you are saying here is, "we must change the way we act in order to accommodate the prejudices of the ignorant." Did that in high school -- it was the most disastrous social experiment of my life. I've seen nothing in the last twenty years to make me think I should repeat this experiment. > Other than that, how the presence of my key on a keyserver foster the > use of encryption when emailing me? It will probably not be noticed > by anybody who doesn't use OpenPGP already. The second sentence is a tautology. "OpenPGP technologies will probably not be used by people who don't use OpenPGP already." It's trivially true, which is to say that it's a true statement which leads nowhere. Speaking for myself, I've used the keyservers on several occasions. I'll meet someone in person, they'll give me their key ID and fingerprint, and then later on I'll pull down their key ID, verify their fingerprint, and then use it for communication with them. I have my OpenPGP fingerprint at the bottom of my business card for just this reason. When I hand out cards at conferences, I not only tell people how to contact me, but I give people all the information they need to contact me securely. I know several other people who do the same thing. > What's not to agree with in my statement that not everybody wants to > put their keys on the keyservers? I don't think we agree that's your statement. Not everybody believes the world is round, or that the Earth orbits the sun. You can always find at least *one* person who believes some nonsense, and the fact that not *everyone* agrees is not evidence that these minority fringe viewpoints should be allowed to substantially influence mainstream usage. The fact you are arguing so passionately for this point of view leads me to believe you have a horse in this race, and that you want to persuade other people to not upload keys by default. If all you're saying is, "there are people in the world who do not understand the keyserver network and get unhinged when others upload their public keys to it," then sure, I agree. Thread's dead, next subject, we'll continue to use the keyserver network and they'll continue to get unhinged. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
