-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Friday 26 February 2010 at 5:04:36 PM, in <mid:4b87ff24.3000...@sixdemonbag.org>, Robert J. Hansen wrote: > On 2/26/10 10:53 AM, MFPA wrote: >> There are privacy issues, especially if user-ids on the key contain >> email addresses. > This isn't persuasive. It's been hammered out tons of > times, and no one has ever presented a strong argument > for keeping email addresses secret. Maybe not but there is a perceived need, as evidenced by services like spamgourmet and all the disposable email address outfits In any case, I've never seen a convincing argument *for* including email addresses in the UID of a PGP key. >> In some cases, the authorities knowing an individual >> used encryption could be a problem. > Why? Because they have a key on the keyservers? OK, as a reason not to upload somebody's key to a server without their consent, this was poor. I suspect an individual in those circumstances would take great care that whoever had their key knew to keep it secure. >> There is the issue of controlling the image that is >> portrayed by the signatures on your key. > That image can only be portrayed if the viewers are > ignorant of how the WoT works. What you are saying > here is, "we must change the way we act in order to > accommodate the prejudices of the ignorant." Well, now you put it that way... >> Other than that, how the presence of my key on a >> keyserver foster the use of encryption when emailing >> me? > Speaking for myself, I've used the keyservers on > several occasions. I'll meet someone in person, they'll > give me their key ID and fingerprint, and then later on > I'll pull down their key ID, verify their fingerprint, > and then use it for communication with them. If their key lived at their own website or on an email responder, for example, you could still do this - except the note of the fingerprint and key-id would also need to contain a URL. >> What's not to agree with in my statement that not >> everybody wants to put their keys on the keyservers? > I don't think we agree that's your statement. Not > everybody believes the world is round, or that the > Earth orbits the sun. You can always find at least > *one* person who believes some nonsense, and the fact > that not *everyone* agrees is not evidence that these > minority fringe viewpoints should be allowed to > substantially influence mainstream usage. OK OK, the post I was replying to when I started this stated "It is also a good idea to send your key to the keyservers." I do not see this statement as any kind of self-evident truth, yet I have been thoroughly taken to task for questioning it. The keyservers are just one of the platforms available for disseminating your key. What makes them the *best* platform? Nothing in this thread so far has convinced me of their supremacy. > The fact you are arguing so passionately for this point > of view leads me to believe you have a horse in this > race, and that you want to persuade other people to not > upload keys by default. I would no more deliberately publish somebody's key without their consent than I would pass on their phone number or address. I would expect that to be normal, without the need to persuade anybody. - -- Best regards MFPA mailto:expires2...@ymail.com No matter where you go, there you are. -----BEGIN PGP SIGNATURE----- iQCVAwUBS4ilsqipC46tDG5pAQq7jAQAqijYzD96kV894BFofqqpGsp8j38a8a1p MRe6B3NQQTz9CP+rqS5Gs98aSuinMLteTqDpFKESYwOwTQbH4KXzxqxVTS5/E+u4 l75fgjo77VHQazOuPXsCjFuVvpNjhOKF3BHTYiexFebzcndLcXiNg/pAhU/OxofA Vk1EAVOp7m8= =R8XD -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users