On 2/26/10 11:55 PM, MFPA wrote: > Maybe not but there is a perceived need, as evidenced by services > like spamgourmet and all the disposable email address outfits
There is a perceived need for $150 bowls of soup, as evidenced by dozens of high-priced gourmet restaurants in major cities. The existence of a market for a service is not evidence that the service is generally useful or needed. > In any case, I've never seen a convincing argument *for* including > email addresses in the UID of a PGP key. First, the status quo doesn't need arguments in its favor. The status quo exists. *Changing* the status quo is what requires arguments in its favor. Second, then you don't have to include it in yours. Why are you bringing this up? I don't care what your UID is, and I don't want you to have a vote in whether I put an email address in mine. > If their key lived at their own website or on an email responder, > for example, you could still do this - except the note of the > fingerprint and key-id would also need to contain a URL. In which case you're still hosting it publicly, so why not use the keyservers? > OK OK, the post I was replying to when I started this stated "It is > also a good idea to send your key to the keyservers." I do not see > this statement as any kind of self-evident truth, yet I have been > thoroughly taken to task for questioning it. This is not "taking you to task." This is listening to your claims, and giving strong arguments against them. My father is a judge. Growing up, if I were to assert the sky was blue he would ask how I knew the sky was blue. (No, I'm not kidding.) It's a weird way to grow up, but it's served me very well in my life. All claims must be scrutinized and examined. If they survive the scrutiny, good. If they don't, then let's make note of them and remember not to waste time on these claims in the future. > The keyservers are just one of the platforms available for > disseminating your key. What makes them the *best* platform? You've set up a straw man. Nobody is arguing the keyserver network is the best platform. What is best will depend on each person's individual valuation of the many factors that go into this question. That said, it is broadly true that it's a good idea to send keys to the keyserver network. The reasons why have already been well-explained. Your reasons why not are either unfounded or debunked. In your voluminous defense of privacy rights, you've not given any numbers for what fraction of users need or want to keep their public keys private. If you're arguing that the "good idea" we've advocated is not a good idea, you need to show there are substantial numbers of users who will be negatively impacted. You haven't. You've talked about the danger of reputation being slandered by implication of association: but as David Shaw has pointed out, if someone wants to do that there are much easier ways to do it than with keys. You've talked about making it easy for law enforcement to learn who communicates securely with whom: but as I've said, law enforcement (at least in the US, and probably also the UK) has much easier ways to learn this. You've talked about spam: but as John Clizbe has pointed out, although keyservers do get harvested for addresses there is no statistically significant difference in the spamflood between putting a key on the server or keeping it private. You'd have to ask him about his methodology and his precise numbers, but I'm sure he'd be willing to provide them if you asked. (I used to share your concerns about spam, up until John showed me his numbers and convinced me.) The status quo is, "it is generally a good idea to send your key to the keyserver network." If you want to change that, the burden is on you to present persuasive evidence supporting a change. So far I've not seen it, which means the status quo stands. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
