-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Friday 19 March 2010 at 6:54:06 AM, in <mid:4ba31f8e.1050...@gmail.com>, Paul Richard Ramer wrote: > On Sat, 13 Mar 2010 20:05:21 +0000 MFPA wrote: >> It looks to me as if the answer is "yes." Unless each >> person who had one of your email addresses already >> knew the other addresses before seeing them on your >> key, they now have extra information about you. And >> the addresses have jumped from "shared outside of >> people [you] knew personally" to published in a >> universally-accessible location. However >> minor/negligible or unimportant you may consider it, >> that's a reduction in privacy. > You are, of course, assuming all of my contacts know > what PGP is, how to use a keyserver, and have fetched > and examined my key. OK, I should have qualified "they now have extra information about you" with "potentially" or "access to." > Although I have potentially disclosed my e-mail addresses to the > whole world, my actual disclosure has been less than had I posted > those e-mail addresses to a web page or handed a copy of my key UIDs > to whomever. The lower level of spam from publicising your email addresses on a keyserver compared to web page suggests the first of these is true (although that may be related to ease of extraction of email addresses). I'm not sure how you would go about measuring the second. (-; > But you know what? I don't care. I'm clear that this doesn't bother you. > I created those UIDs > with the belief that if I shared them with one person, > I shared them with the world. Of course, but it doesn't have to be that way. I do not see that users of openPGP gain anything at all from this public exposure of their private details, if their key could be usefully be made publicly available without. > I intentionally made > that information public, which is different from > accidental disclosure. Yes it is. > Also the use of a keyserver in my case was good, > because I don't have any means of distributing my key > electronically other than by e-mailing my key to every > person that may request it. So a keyserver fits the > way I want to work. Well, you *could* include it in every email you send out; or use an email auto-responder, post it on a web page, post it to BigLumber, etc and use a signature notation (or a note in a comment line or an email footer) to link to it. But most of these options probably fit the way of working you describe less well than using a keyserver. - -- Best regards MFPA mailto:expires2...@ymail.com Confusion is always the most honest response -----BEGIN PGP SIGNATURE----- iQCVAwUBS6N28qipC46tDG5pAQosPwP/T1UBiDz3i0w3bob+Yd//OwxLQHvWyhnI +kRzUO2SWTdqbntSZBWlVJXiWeNcB5d8cV9AYbf48TUrqVMV5tHzdMrm3iiOwP4f rzGNWbN717TECS+R4ZIE+L6e2foYD3iQSmj5cDtBWpok+OZtaViRRRnVbb+40VvQ VlLKjQrgf/0= =7B90 -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
