On Tuesday 01 March 2011, David Shaw wrote:
> On Feb 28, 2011, at 7:09 PM, David Tomaschik wrote:
> >> I think key UIDs generally reveal more information than I am
> >> comfortable with. For example, why does your UID need to contain
> >> your email address in plain text rather than as a hash? Searching
> >> for that email address would need to return any keys that matched
> >> on the hashed version in addition to any keys that matched on the
> >> plaintext version. Somebody knowing the email address (or name or
> >> hostname) could find the key but mere inspection of the key UIDs
> >> would not reveal all its owner's names, email addresses, etc.
> >>
> >> I'm usually told such an option does not exist because it would
> >> serve no purpose and/or there would be no demand for it.
> >
> > While I understand your concerns, I think it would just be nice if
> > the owner of a key could set a flag on it indicating that they did
> > not want their key published to keyservers. Then privacy could be
> > preserved with MUCH smaller changes to infrastructure. (Though,
> > admittedly, it might require a change in the OpenPGP spec, which
> > would actually be much larger.)
>
> This flag actually exists in OpenPGP already (and what's more, GnuPG
> even sets it by default). The catch is that none of the other
> infrastructure (keyservers, mainly) checks it, and given the current
> design of the keyservers and how they sync key data between them,
> they can't easily check it. It would be a very large (I'd say even
> larger than the hashed user ID example above) task to make this flag
> truly useful.
Hmm. Why do the keyservers need to support it at all? IMO the clients that want to upload a key should check for this flag and warn the user if a key has this flag. Of course, this won't stop people from uploading keys with clients that do not support this flag, but at least those people that use a flag-enabled client will be made aware of the key owner's wish not to upload the key.

Regards,
Ingo
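The client-side check Ingo describes, as an added example that is not code from this thread, from GnuPG or from any keyserver: a Python routine an uploading client could run over a binary (non-armored) key block before sending it. It walks the OpenPGP packets, finds the certification signatures on the user IDs whose issuer matches the primary key, and reads the Key Server Preferences subpacket (type 23 in RFC 4880, whose first octet carries the No-modify bit 0x80, the flag David Shaw refers to). The sample key block at the bottom is constructed here for the demonstration and is not real key material (its MPIs and signature are dummies); the helper names and the warning text are this example's own.

```python
import hashlib
import struct

NO_MODIFY = 0x80                 # No-modify bit in the first octet of Key Server Preferences
TAG_SIGNATURE, TAG_PUBLIC_KEY, TAG_USER_ID = 2, 6, 13
SUBPKT_CREATION, SUBPKT_ISSUER, SUBPKT_KEYSERVER_PREFS, SUBPKT_ISSUER_FPR = 2, 16, 23, 33
CERTIFICATION_SIG_TYPES = {0x10, 0x11, 0x12, 0x13}   # self-certifications on a user ID


def _read_length(buf, pos):
    """Decode a new-format body length (also the subpacket length scheme). Returns (length, next_pos)."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1
    if first < 224:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
    if first == 255:
        return struct.unpack(">I", buf[pos + 1:pos + 5])[0], pos + 5
    raise ValueError("partial body lengths are not handled in this example")


def parse_packets(blob):
    """Split an OpenPGP message into (tag, body) pairs; handles old- and new-format headers."""
    packets, pos = [], 0
    while pos < len(blob):
        ctb = blob[pos]
        if not ctb & 0x80:
            raise ValueError("bad packet header at offset %d" % pos)
        if ctb & 0x40:                                   # new format
            tag = ctb & 0x3F
            length, pos = _read_length(blob, pos + 1)
        else:                                            # old format (gpg --export uses it for these tags)
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate-length packets are not handled")
            width = (1, 2, 4)[ltype]
            length = int.from_bytes(blob[pos + 1:pos + 1 + width], "big")
            pos += 1 + width
        packets.append((tag, blob[pos:pos + length]))
        pos += length
    return packets


def parse_subpackets(data):
    """Yield (type, body) for each signature subpacket; the critical bit is masked off."""
    pos = 0
    while pos < len(data):
        length, pos = _read_length(data, pos)            # length counts the type octet
        yield data[pos] & 0x7F, data[pos + 1:pos + length]
        pos += length


def primary_key_id(key_body):
    """Low 64 bits of the v4 fingerprint: SHA-1 over 0x99, two-octet length, key packet body."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(key_body)) + key_body).digest()[-8:]


def certification_info(sig_body):
    """Return (keyserver_prefs_octet, issuer_key_id) from a v4 certification signature.
    Preferences are read from the hashed area only (the unhashed area is not signed);
    the issuer may sit in either area, as type 16 (key ID) or type 33 (issuer fingerprint)."""
    if len(sig_body) < 6 or sig_body[0] != 4 or sig_body[1] not in CERTIFICATION_SIG_TYPES:
        return None, None
    hashed_len = struct.unpack(">H", sig_body[4:6])[0]
    pos = 6 + hashed_len
    unhashed_len = struct.unpack(">H", sig_body[pos:pos + 2])[0]
    areas = ((True, sig_body[6:pos]), (False, sig_body[pos + 2:pos + 2 + unhashed_len]))
    prefs = issuer = None
    for is_hashed, data in areas:
        for stype, body in parse_subpackets(data):
            if stype == SUBPKT_KEYSERVER_PREFS and is_hashed and body:
                prefs = body[0]
            elif stype == SUBPKT_ISSUER and len(body) == 8:
                issuer = body
            elif stype == SUBPKT_ISSUER_FPR and len(body) == 21:   # version octet + 20-byte v4 fpr
                issuer = body[-8:]
    return prefs, issuer


def no_modify_requested(blob):
    """True if a self-certification in the key block sets No-modify. The issuer is matched
    against the primary key, but the signature is not cryptographically verified here;
    a production client would verify it as well."""
    packets = parse_packets(blob)
    primary = next((body for tag, body in packets if tag == TAG_PUBLIC_KEY), None)
    if primary is None:
        raise ValueError("no primary public-key packet in key block")
    key_id = primary_key_id(primary)
    for tag, body in packets:
        if tag == TAG_SIGNATURE:
            prefs, issuer = certification_info(body)
            if prefs is not None and issuer == key_id and prefs & NO_MODIFY:
                return True
    return False


def check_before_upload(blob):
    """The warning an upload client would show, or None when the upload may proceed."""
    if no_modify_requested(blob):
        return "key owner set the keyserver No-modify flag; not uploading without explicit confirmation"
    return None


# Constructed sample key block (not real key material: the MPIs and the signature are dummies).
def _packet(tag, body):
    if len(body) < 256:                                  # old-format header, one-octet length
        return bytes([0x80 | (tag << 2), len(body)]) + body
    return bytes([0x80 | (tag << 2) | 1]) + struct.pack(">H", len(body)) + body


def _subpacket(stype, body):
    return bytes([1 + len(body), stype]) + body          # length octet counts the type octet


def build_sample_key(no_modify=True):
    created = struct.pack(">I", 1298937600)
    key_body = b"\x04" + created + b"\x01" + b"\x00\x08\xff" + b"\x00\x11\x01\x00\x01"  # v4 RSA, dummy MPIs
    prefs = bytes([NO_MODIFY if no_modify else 0])
    hashed = _subpacket(SUBPKT_CREATION, created) + _subpacket(SUBPKT_KEYSERVER_PREFS, prefs)
    unhashed = _subpacket(SUBPKT_ISSUER, primary_key_id(key_body))
    sig_body = (b"\x04\x13\x01\x08" + struct.pack(">H", len(hashed)) + hashed
                + struct.pack(">H", len(unhashed)) + unhashed + b"\x00\x00" + b"\x00\x08\xff")
    return (_packet(TAG_PUBLIC_KEY, key_body) + _packet(TAG_USER_ID, b"Alice <alice@example.org>")
            + _packet(TAG_SIGNATURE, sig_body))


if __name__ == "__main__":
    print(check_before_upload(build_sample_key()))
    print(check_before_upload(build_sample_key(no_modify=False)))
```

As Ingo says, this only helps when the uploading client runs it: a client that ignores the flag still uploads, and the keyservers themselves never look at it. Since the flag lives in the self-signature, a client that does not verify that signature could be shown the flag on a tampered key block, but the only consequence is a refusal to upload, which fails safe.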
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users