On 2/26/2010 12:38 PM, MFPA wrote:
>
> I am *not* advocating the implementation of any form of
> Digital Restrictions Malware (DRM).
>
> Uploading somebody else's key without first checking it is OK by
> them is a breach of their privacy and could well be illegal/unlawful
> in jurisdictions with data protection legislation (for example, if a
> company published a customer's key, showing their name and/or email
> address, to a server).
>
As a practical matter, even if your contacts agree to respect your wishes, it's still pretty easy for them to accidentally send it to the keyservers. Perhaps mis-typing a command when they try to upload their own key. Perhaps clicking the wrong button. Perhaps because they just don't really know how gpg works and start typing random commands.

From a practical perspective, whether it's right or wrong, you've got to assume that if they can, they will, and that key will be out there forever. One of the reasons to use public/private key encryption is because you don't always trust the other parties to do the correct thing.

So if you are worried about the keyservers having information that could somehow implicate you in whatever, you'd need to obfuscate your UID, as you mentioned in another post. Asking people not to publish the key doesn't offer any real protection. And if you've done that, you might as well publish the key yourself.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users