Hello MFPA, During this whole debate, you have assumed one thing in your argument that I don't believe anyone has pointed out as being flawed. You have assumed that the person (I will call him John Doe) would have decided to create a UID that contained the personal information that he wants to keep private.
If the person wanted badly to keep his e-mail address, or his e-mail address and his name, private, why would he put them on his key. Especially, when he knows that all it takes is one slip up or deliberate upload to send his public key flying across the Internet and into a keyserver to remain there forever. Here are three examples of John Doe wanting to keep the privacy of his personal information and still use PGP. I am using these examples, because they are usage cases that you have used in your arguments. The usage cases are as follows: (a) John Doe doesn't want to disclose his e-mail address; (b) John Doe doesn't want to disclose his name or e-mail address; (c) John Doe doesn't want to disclose his name or e-mail address, because he fears that his government will send him to a gulag if they catch him. Usage Case (a) -------------- John Doe knows that he doesn't, under any circumstances, want his e-mail address to be disclosed to the public. So instead of creating a UID without his e-mail address, he creates one with his e-mail address. He gives his key to only those that he wants to communicate with, which are his friends, family, coworkers, and even business clients. Everything goes well for John. His key is off the keyservers, and it isn't posted anywhere public. One day while John is fetching someones keys, he decides, just for kicks, to search for his key on the keyserver. John is horrified. His key is on the keyserver. Usage Case (b) -------------- John Doe knows that he doesn't, under any circumstances, want his name or e-mail address to be disclosed to the public, because he only wants to communiate with a select group of people. So instead of creating a UID without a real name and e-mail address, he creates one with his name and e-mail address. After all, he will only use it with people he trusts. For communicating with the web at large, he uses a pseudonym and a disposable e-mail address. But even though John is separates communications with people he knows from people he doesn't know, he still doesn't want his personal information on the Internet. For this reason, John is careful to ensure that his key isn't publicly available. One day, a friend tells John that he wants to apologize to John. The friend tells John that he accidentally uploaded John's key to the keyservers. Usage Case (c) -------------- John Doe knows that he doesn't, under any circumstances, want his name or e-mail address to be disclosed the public, because he doesn't want the government to discover that he is using PGP. So instead of creating a UID without his name and e-mail address, he creates one with his name and e-mail address. John is careful to share his key with only those that he trusts. Everything goes well with John (that is, things are only as good as it can go for the poor guy). His key isn't anywhere the government could look for it. One day, one of John's trusted family members, who lives in a freer country, accidently uploads John's key to a keyserver. The family member doesn't even realize that he did this. And John doesn't know that this was done. -------------- In each of these cases, John Doe made the mistake of thinking that he could keep his personal information in his key, and that he could keep his key off the keyservers. If John were to make the wisest decision about keeping his personal informaton secret, wouldn't he choose to not include this information in a key that is probable to end up in a public venue? -Paul -- Please use my PGP key when sending me e-mail, if you can. PGP Key ID: 0x3DB6D884 PGP Fingerprint: EBA7 88B3 6D98 2D4A E045 A9F7 C7C6 6ADF 3DB6 D884
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
