On 02/28/2011 05:40 PM, MFPA wrote: > Hi > > > On Monday 28 February 2011 at 3:47:16 PM, in > <mid:AANLkTi=ar9koe_afvwkiajb4t+6mqqywc20e+kenl...@mail.gmail.com>, > Guy Halford-Thompson wrote: > > >> Thanks for the help, didnt really occur to me how much >> info is available in the public keyring, guess you cant >> do much about it tho. > > > I think key UIDs generally reveal more information than I am > comfortable with. For example, why does your UID need to contain your > email address in plain text rather than as a hash? Searching for that > email address would need to return any keys that matched on the hashed > version in addition to any keys that matched on the plaintext version. > Somebody knowing the email address (or name or hostname) could find > the key but mere inspection of the key UIDs would not reveal all its > owner's names, email addresses, etc. > > I'm usually told such an option does not exist because it would serve > no purpose and/or there would be no demand for it. > >
While I understand your concerns, I think it would just be nice if the owner of a key could set a flag on it indicating that they did not want their key published to keyservers. Then privacy could be preserved with MUCH smaller changes to infrastructure. (Though, admittedly, it might require a change in the OpenPGP spec, which would actually be much larger.) David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
