-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Thursday 3 March 2011 at 12:33:27 AM, in <mid:4d6ee1d7.2050...@sixdemonbag.org>, Robert J. Hansen wrote: > It's not a tangent at all, and for almost the exact > reason you cite. You would say "it can easily be done." > I would say, "it can easily be enforced." I'm not > seeing an effective enforcement mechanism here. Without > that, I don't see how it can easily be done. What would need to be enforced? If a user chose to use hashes when creating their user-IDs, then all by themself without the need for any enforcement mechanism they have obscured the data; somebody already in possession of the data can compare hashes but somebody inspecting the user-IDs cannot extract the information that is obscured. > Basically what you're saying is, "I don't want other > people to be able to publicly share data that I feel > personally identifies me." That's a perfectly > understandable want, but you can't make data > uncopyable. Digital information may be easily and near > costlessly copied and shared: that's just its essential > nature. Precisely the point of using hashes in user-IDs: all that would be available to copy and share is a hash of the data. >> 3. I have email addresses that you don't know. >> These email addresses are readable from my key's user >> IDs. It is trivial for you to obtain these >> email addresses. >> 4. I have email addresses that you don't know. >> These email addresses are not readable from my key's >> user IDs. It is harder for you to obtain these >> email addresses. > I don't believe 4 is the case at all. In this era of > Facebook, Twitter, social media and people profligately > sharing information, well... this seems a lot like > locking up the barn after the cattle have run off. Even if you consider the search to be trivial, it is still harder than not needing to search. I deliberately used the comparative. Now I'm just being a pedant. (-: > You're begging the question: how does it get made > ex-directory? In the case of a telephone, it's because > you have a single point of authority who will enforce > your wishes. In the case of the certificate servers, > how does it get done? > I'm not saying it shouldn't get done or that I wouldn't > like it if it were done. I'm only saying that, at > present, it doesn't appear it *can* be done. The user already has complete control over what string to use as their user-ID. There is nothing stopping anybody from publishing a key with user-IDs such as "b735ed0655b5a9017bc102f6b1799aa9959a3251 (55fbb2c0169d568bbd2ced25e1f47737e7ef3a34) <529ed52d3ec1186584ec75109e732f9b9da3f12d>" but there is no point without a mechanism for other users to select that key from an email address (or a name). - -- Best regards MFPA mailto:expires2...@ymail.com Lotto: A tax on people who are bad at statistics! -----BEGIN PGP SIGNATURE----- iQE7BAEBCgClBQJNc4gwnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pgdgEALob 6wWg/GGyae8cHa9nl4eExBGTONpi+r+BITD735NZLm2FREVHvFisc7An7Ti9jLbU lurAycbCQ5BXeR+V+b5UgxBVK5AOLa69nwAxL7eoESyZ+Lnzq4fuMNUnFd2vmEth iI1QBknRG3qiiY3vnucpCgTI+Dy7VILR0ceREbgb =Jimz -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users