-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Wednesday 2 March 2011 at 8:14:08 PM, in <mid:4d6ea510.7080...@fifthhorseman.net>, Daniel Kahn Gillmor wrote: > it sounds to me like you've simply made it difficult > for people to correspond with you over long periods of > time because your e-mail address isn't likely to > continue working. Not especially so. The ones I use for mailing lists etc. change periodically. This makes no difference to people contacting me, since they should be doing it via the list. Ones I use with specific individuals or groups of people, some are quite fleeting while others persist for years. > If your only concern is that you don't want your e-mail > address publicly visible on the keyservers, just make a > User ID with no e-mail address at all, and leave it at > that. > You'd still need to do the work of changing, say, MUAs > to re-think their key-selection criteria to include > keys without e-mail addresses Something that would not be necessary if the underlying openPGP implementations could handle hashed user IDs. > But you wouldn't have to do any of the following: > * specify and try to reach consensus on the syntax of > a "standard" Hashed User ID Isn't that best handled *after* a proof-of-concept? > * modify underlying OpenPGP implementations to try > digested searches Could these be handled by a local proxy? The openPGP implementation (which is configured to use the local proxy as keyserver, and not to check the local keyring) queries the proxy using the plaintext search string. The proxy checks the local keyring for both the plaintext search string and the hash, and returns the combined results to the openPGP implementation. The proxy (simultaneously?) queries a keyserver for both the plaintext search string and the hash. If there were matches in the local keyring, the keyserver results are discarded (or cached?). If there were no matches in the local keyring, the combined results from the keyserver are returned to the openPGP implementation and keys may be imported as normal. > * convince third-parties that it is worth their while > to certify digested user IDs That is not necessarily harder than convincing them to sign user IDs wit no email address. - -- Best regards MFPA mailto:expires2...@ymail.com Zorba the Greek - before he zorbas you -----BEGIN PGP SIGNATURE----- iQE7BAEBCgClBQJNbt7/nhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pYmsEAL9V ZcywGGE/10DWc2Lqv8G/r+ugt0Wju9dObr+Ll3BNjkANu+bTWRJpFMVsTF4Y/PHZ VEuYZh2dRFPF8FCK7MjwSy0lQ6EsR6yxGlMWjrx5ECvfV8V/r/1pC+GWyBl+aSD8 myYbz+uMd1d7YOsebNn7Z3SohyZhu3cwUuCKidTT =LmYB -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
