-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Sunday 13 March 2011 at 5:48:55 AM, in <mid:4d7c5ac7.70...@adversary.org>, Ben McGinnes wrote: > I think you're assuming a level of innate understanding > of what can be done with every part of a UID by every > user when they create a key. This is most definitely > not the case. I'm assuming a short descriptive paragraph in the gpg.man file plus some good info becoming available over time in various "start up guides" etc. by searching the web or mailing list archives or asking on mailing lists, as with other GnuPG features. It doesn't matter if people learn after the key is created because additional UIDs containing extra hashes can be added later. > As much as I find your idea interesting, I think I'd > rather have the ability to search on sections of a UID. Fair enough but I believe a person's desire to withhold their own personal information outranks another person's desire to make use of that personal information. > If your hashed UID were an optional feature that were > not enabled by default, I doubt I would object, I would like hashing to be offered for the name and then again for the email address, along with a one-liner that obscuring the information in the UIDS offered minimal protection as described in gpg.man and made it harder for other users to locate and use the key; if there's a default answer it should be "No". Maybe others would feel it should be only in expert mode, or perhaps enabled by a "hash-uid" option to the "gen-key" command. > but I > think the current use of UIDs has value that I would > not want to see superceded by the hashed version. The main disadvantage I see in hashing the information is slightly increased complexity in locating keys. That assumes the individual would otherwise have a key containing his information unhashed. For individuals whose UIDs would otherwise contain spurious or no information, locating their key should become easier. The search/research capability that you outlined would be reduced if significant numbers of keys with only hashed UIDs came about, if the organisations you are searching allow their people to use such UIDs. The impact on the WoT is unclear. One scenario is no change from the current situation, where an individual who chooses not to reveal their name and email address(es) in their UID has little chance of success in finding people willing to provide certifications. - -- Best regards MFPA mailto:expires2...@ymail.com Yellow snow is not lemon flavoured -----BEGIN PGP SIGNATURE----- iQE7BAEBCgClBQJNfMdZnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pjkwD/1Zu TjY54C6MwgqVJ6hN5VcmaeEhSNwZsLXZbL4F5RtWvLRIqzneHYr3gFLug7YKTTWb qXtSgUwrMjYEL4KbP+Ah34EerpQ7/PMq/PaY99bxNWpSfLBD7LOkR/65spR0etU1 Qhf6gMLrFzHvJUeGBfxgovYdKo8Zecnmj3DAFmkN =KpW4 -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
