-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On Tuesday 30 May 2017 at 8:42:04 PM, in <mid:tp1i29fufmf7xv....@menglehorn-lt.lan.zayoms.net>, Michael Englehorn wrote:- > Also, it would be strange to only publish your key's > "name only" UID to the > keyserver, because then at a keysigning event I > wouldn't know where to > send your public key back to, and I couldn't certify > any of your e-mail > addresses. A user can use hashed instead of human-readable forms of their name and/or their email address in a key's user-ids. The email address (or name) cannot be determined from simple inspection of the UID. Just a defence against casual snooping on the information in user-ids, not a security measure but the "incident" that gave rise to this thread is prevented. The downside is that using the cleartext email address (or name) as your search string doesn't find the key from a keyserver and the email client fails to match the key by email address, rendering those UIDs largely useless. It has been discussed here before, and dismissed by people cleverer than me, that the hashed version could be searched for as well as the readable version to locate a key from the local keyring or from keyservers. A member of PGPNET produced some Python scripts as an exercise in seeing what might go into this, when we last discussed the idea over there about three years ago. - -- Best regards MFPA <mailto:2014-667rhzu3dc-lists-gro...@riseup.net> No matter where you go, there you are. -----BEGIN PGP SIGNATURE----- iNUEARYKAH0WIQQzrO1O6RNO695qhQYXErxGGvd45AUCWS9sw18UgAAAAAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNB Q0VENEVFOTEzNEVFQkRFNkE4NTA2MTcxMkJDNDYxQUY3NzhFNAAKCRAXErxGGvd4 5OYaAP9n45Ojx5tHSw3KcGFbNmoq63sXckEqjQgiWsbQ1EG4SwD9Gw2P2/826VT4 +W5na/kbL1Dz+EveaMHG+z54V8Cn4w6JAZMEAQEKAH0WIQSzrn7KmoyLMCaloPVr fHTOsx8l8AUCWS9syl8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0QjNBRTdFQ0E5QThDOEIzMDI2QTVBMEY1NkI3 Qzc0Q0VCMzFGMjVGMAAKCRBrfHTOsx8l8JYvB/9WQFZRychf3xx9Xh3S+QRWIV4Y dZ7Ph7rG2VOlwPVUi0/zqIycnjFQNcFRSGojnHfZE07+hDHXq3/e+epxUbYrpys9 aGf/Bj5N0sPKU8/kLAFbUsclFbGyz6/mrjALlLgyEQXYAYJ8JdgkAbifUW7Xkc4O Nx3HyUQE2hbzmWo4BU2xl7ummTjPthvrZnaDvRkjlX/eG1x2Y87d/2GjLqsSbM9Q tooQLkf5yyY42QFyPRg9TZehv8bfYq0SMiVmft4LPf8HtuI1lCVUb8YnExqwcSs2 BnjSaAE+aafdEIPXU3g938PIdctZocemMuxImT2ql9TN1/tWGtuKA6yRPkEY =ndHi -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
