-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Grant
On Friday 26 February 2010 at 6:30:16 PM, you wrote: > As a practical matter, even if your contacts agree to respect your > wishes, it's still pretty easy for them to accidentally send it to > the keyservers. Perhaps mis-typing a command when they try to upload > their own key. Perhaps clicking the wrong button. Perhaps because > they just don't really know how gpg works and start typing random > commands. Yes, for example in GPGshell, "Send to Key-server" and "Update from Key-server" are adjacent context menu items. And the submenus that they generate are almost identical, so it is easy to not spot if you have clicked the wrong one. I also would prefer it if GPG itself asked for confirmation of action (including displaying the key-ID and user-IDs) for the --send-keys command, with the assumption of "no" unless you typed "y" > From a practical perspective, whether it's right or wrong, you've got to > assume that if they can, they will, But you may still wish they didn't and couldn't (-; > and that key will be out there forever. Yes, unfortunately. > One of the reasons to use public/private key encryption is > because you don't always trust the other parties to do the correct thing. > So if you are worried about the keyservers having information that could > somehow implicate you in whatever, you'd need to obfuscate your UID, as > you mentioned in another post. Asking people not to publish the key > doesn't offer any real protection. And if you've done that, you might > as well publish the key yourself. Not including your name or your email address in the UID offers protection against the accidental upload scenario. But somebody could still generate a key with a UID suggesting nefarious activities, sign your key with it, and upload it. Or their UID could simply identify whose was the key with the obfuscated UID. - -- Best regards MFPA mailto:expires2...@ymail.com If you can't convince them, confuse them. -----BEGIN PGP SIGNATURE----- iQCVAwUBS4g3GqipC46tDG5pAQqByQQApxVwdqtUdGONlXENU7Nmnt/wm2PG/BSC NybXrNs2H+1hn1jo1MsRiqeXLmsObviQyAW1wPW3ieCf3STsTRA6iESnl6jc2r6n OmmImS3ItBjNTybz/qzoScZFRYw0K79ASptn0TQuhVExiuRB/Bb4YvmytpVHri6Q S/QQuhUVGbY= =hKiF -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
