On 28/01/12 20:34, MFPA wrote: > Or is the point that searching on the email address doesn't find the > key, you have to search for the fingerprint (and the UID doesn't contain > the email address at all, not even obscured)?
Yes, exactly. The UID just says "Anonymous" or whatever you want it to say. > or would the user need to just search for > "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9" to get the key? Yes. Either the user needs to be this savvy, or his tools (MUA, or GnuPG) needs to recognise the special form e-mail address and do this. To automate it, either the MUA or GnuPG needs to recognise the special form e-mail address, but no other changes are necessary (f.e. the keyserver can stay the same). By the way, the way I see it, the e-mail address really exists. You can mail to dkg--noenum-0ee5be979282d80b9f7540f1ccd2ed94d2173...@fifthhorseman.net and it arrives. Demanding the MUA to automatically strip it and mail d...@fifthhorseman.net instead really hinders adoption. I assumed Hauke Laging's high-entropy e-mail address variant also needed the e-mail address to actually exist, otherwise I don't see how that variation could meet the requirements, namely that possession of the e-mail address is enough to get someones public key. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
