hi All,

In view of the upcoming PGP keysigning, I would like to see if we can discuss the topic of 'privacy with pgp keys'.

I found these two discussions online:

http://crypto.stackexchange.com/questions/9403/how-can-i-remove-my-personal-data-from-my-pgp-public-key
http://crypto.stackexchange.com/questions/9388/is-my-identity-exposed-when-publishing-my-public-key-or-encrypting-with-pgp

Has anyone on the list thought of this before, or used some similar/alternative strategies to achieve the same result?

Mayuresh

---------- Forwarded message ----------
From: John Abreau <j...@blu.org>
Date: Fri, Aug 21, 2015 at 3:59 PM
Subject: Re: hi...
To: Mayuresh Rajwadkar <m.m.rajwad...@ieee.org>

I'm not aware of any such efforts, but I haven't been looking for them. If you ask these questions on our mailing list, there's a good chance of getting responses from people actively involved in such efforts, if those efforts exist.

On Fri, Aug 21, 2015 at 9:30 AM, Mayuresh Rajwadkar <m.m.rajwad...@ieee.org> wrote:

> hi
>
> I am not actually questioning the key-signing process...
> I understand that, and I am okay with it as of today..
>
> I am wondering 5/10/15 years from now will it be the same as now...
> Is there any effort/development in process/or possible which could add
> some 'privacy' to the gpg/pgp conventions....
>
> Mayuresh
>
> On Fri, Aug 21, 2015 at 2:25 AM, John Abreau <j...@blu.org> wrote:
>
>> Hi Mayuresh.
>>
>> We've never had an issue with spam in relation to our keysignings, and
>> our process assumes at least one valid email address on each key so
>> attendees can send the keys they sign back to the person who owns each key.
>>
>> Attendees sign the keys after the meeting; our process during the meeting
>> simply verifies that attendees have valid IDs proving they are who they say
>> they are, and that their key IDs and fingerprints are listed correctly on
>> the check sheet.
>>
>> The process we recommend to attendees for signing keys is to sign each
>> key and encrypt the result so that only the person with that key can
>> retrieve the signature, and then email the encrypted, signed key to the
>> email address associated with the key in order to prove that the person who
>> controls that key also controls that email address.
>>
>> Without an email address in the key, our process would not work.
>>
>> On Thu, Aug 20, 2015 at 7:49 PM, Mayuresh Rajwadkar <m.m.rajwad...@ieee.org> wrote:
>>
>>> hi John,
>>>
>>> I really enjoyed the last meeting.
>>>
>>> here is the problem I was trying to describe.
>>>
>>> when we create pgp keys we use our email address as an ID, to publish the
>>> key...
>>> When we upload the key to a keyserver our email address becomes public
>>> on the internet
>>> and open to spam&co
>>>
>>> I had read an article/post on one of the forums which has suggested to
>>> use a
>>> RFC4122 to use as a primary ID on the pgp keypair, and have that
>>> uploaded to the server
>>> so that it does not have email information in it. The same pgp could
>>> then have additional uid's
>>> which could be kept with the keypair but not uploaded
>>> I don't know where I read this at, but I am sure someone must have given
>>> some thought on the
>>> topic, and maybe there are other ways around it.
>>>
>>> I was wondering if you guys have any other novel method wherein the
>>> email-address could be
>>> sort of kept secret from spam&co.
>>>
>>> Mayuresh
>>>
>>> On Thu, Aug 20, 2015 at 7:32 PM, John Abreau <j...@blu.org> wrote:
>>>
>>>> Hi Mayuresh.
>>>>
>>>> What were you asking me yesterday?
>>>>
>>>> We normally have a talk on some aspect of security, prior to the
>>>> keysigning at the end of the meeting.
>>>>
>>>> At the moment, the guy who usually does the talk has a prior commitment
>>>> and cannot be at the meeting, and an alternative speaker I had invited to
>>>> replace him replied this afternoon that he's also away on the day of the
>>>> meeting.
>>>>
>>>> I'm still trying to find another speaker for the meeting.
>>>>
>>>> On Thu, Aug 20, 2015 at 5:26 PM, Mayuresh Rajwadkar <m.m.rajwad...@ieee.org> wrote:
>>>>
>>>>> hi John,
>>>>>
>>>>> I was the guy trying to talk to you yesterday about the PGP signing,
>>>>> and you were not able to hear..
>>>>>
>>>>> https://www.linkedin.com/in/mayur0122
>>>>>
>>>>> Regards
>>>>> Mayuresh
>>>>
>>>> --
>>>> John Abreau / Executive Director, Boston Linux & Unix
>>>> Email j...@blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
>>>> PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6
>>
>> --
>> John Abreau / Executive Director, Boston Linux & Unix
>> Email j...@blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
>> PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6

--
John Abreau / Executive Director, Boston Linux & Unix
Email j...@blu.org / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6

_______________________________________________
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
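
Added example, not written by anyone in this thread: a pre-upload check for the idea quoted above, where an RFC 4122 identifier (a UUID, in its urn:uuid: form) is the user ID that goes to the keyserver and the email-bearing user IDs stay local. It reads a key listing in the colon-delimited layout of `gpg --list-keys --with-colons` and reports which user IDs would expose an address; the sample listing is constructed and the function names are hypothetical.

```python
import re
import uuid

# Constructed sample in the colon-delimited layout of
# `gpg --list-keys --with-colons`; key IDs, names and addresses are made up.
SAMPLE_LISTING = r"""pub:u:4096:1:1111222233334444:1440000000:::u:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:u::::1440000000::0000::urn\x3auuid\x3a6f1c2a9e-3b47-4d0a-9c55-2e8d7a41b0f3:
uid:u::::1440000000::0000::Alice Example <alice@example.org>:
uid:u::::1440000000::0000::Alice (work) <alice@corp.example>:
sub:u:4096:1:5555666677778888:1440000000::::::e:
"""

EMAIL_RE = re.compile(r"[^\s<>@]+@[^\s<>@]+\.[^\s<>@]+")
ESCAPE_RE = re.compile(r"\\x([0-9A-Fa-f]{2})")

def parse_uids(listing):
    """Return the decoded user ID (field 10) of every `uid` record."""
    uids = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] == "uid" and len(fields) > 9:
            # gpg writes ':' and control characters in field 10 as \xNN.
            uids.append(ESCAPE_RE.sub(lambda m: chr(int(m.group(1), 16)), fields[9]))
    return uids

def is_rfc4122_uid(uid):
    """True if the whole user ID is an RFC 4122 URN (urn:uuid:...)."""
    if not uid.lower().startswith("urn:uuid:"):
        return False
    try:
        uuid.UUID(uid[len("urn:uuid:"):])
    except ValueError:
        return False
    return True

def audit_uids(listing):
    """Sort user IDs by whether publishing them would reveal an email address."""
    report = {"pseudonymous": [], "exposes_email": [], "other": []}
    for uid in parse_uids(listing):
        key = ("exposes_email" if EMAIL_RE.search(uid)
               else "pseudonymous" if is_rfc4122_uid(uid) else "other")
        report[key].append(uid)
    return report

def new_pseudonymous_uid():  # fresh random (version 4) UUID as a URN
    return uuid.uuid4().urn
```

As the quoted reply from John Abreau points out, a key whose only published user ID is a UUID cannot go through a keysigning process that mails the signed key to the address on the key.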