Hi

On Wednesday 2 March 2011 at 1:43:45 AM, in
<mid:4d6da0d1.20...@fifthhorseman.net>, Daniel Kahn Gillmor wrote:

> On 03/01/2011 08:05 PM, MFPA wrote:
>> My analogy, admittedly not a direct comparison, would be having a
>> phone number that is ex-directory. It is no defence against random
>> dialling, nor against your number being recorded from outgoing calls
>> if you don't take steps such as withholding the CLI, nor against
>> somebody who has your number passing it on without your permission.
>> Despite these failings there is still benefit in being ex-directory.

> What are those benefits?

The benefits of your phone number being ex-directory are the benefits that derive from it being harder for people to obtain your phone number without your permission, harder to link the number to your name/address, and impossible to find your address or phone number by looking in the phone book.

A key that had only hashed UIDs would have analogous benefits relating to email address instead of phone number and to keyserver instead of phone book. A key with some hashed and some human-readable UIDs would perhaps be like having two phone numbers, one listed and the other ex-directory.

> Are they worth the tradeoff
> of having a large number of non-human-readable User
> IDs?

Depends who evaluates the worth, how they evaluate it, and if you accept that is really the trade-off.

I use different email addresses with different contacts and change some email addresses regularly. Hashed UIDs would allow hiding my email addresses from the people they are not used with, as well as preventing a human-readable set of defunct email addresses.

If I included my email addresses in hashed UIDs, they are not human-readable but could still be used to find/identify my key and maybe even facilitate opportunistic encryption. At the moment I cannot usefully include them hashed, so I don't include them at all.

For my own key, to me the trade-off is if hashed but still useful I will include, if human-readable I will not. For somebody else encountering my key, the trade-off is the email address they want to match is either in a hashed user ID or it's in no user ID at all.

What is the disadvantage of a large number of non-human-readable User IDs on a key? The User ID that I am using at the time (e.g. to select a key) is useful, all others are irrelevant noise and may as well not be human-readable.

--
Best regards

MFPA                    mailto:expires2...@ymail.com

Lotto: A tax on people who are bad at statistics!

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
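
The lookup discussed in the message above, as an added example that is not part of the original post and is not GnuPG code: a correspondent who already knows an address can match it against hashed UIDs, a keyserver browser reads nothing, and anyone holding a list of candidate addresses can still test them (the "random dialling" limit). The hashing scheme (SHA-256 over the trimmed, lower-cased address), the `sha256:` prefix, the key IDs and the addresses are all assumptions constructed for illustration.

```python
import hashlib

PREFIX = "sha256:"  # assumed marker for a hashed UID; not an OpenPGP convention


def hash_uid(email: str) -> str:
    """Assumed scheme: SHA-256 over the trimmed, lower-cased address."""
    normalized = email.strip().lower().encode("utf-8")
    return PREFIX + hashlib.sha256(normalized).hexdigest()


# Constructed sample keyring: key ID -> user IDs as a keyserver would show them.
KEYRING = {
    "0xAAAA0001": [hash_uid("alice.shop@example.org"),
                   hash_uid("alice.bank@example.org")],
    # "Two phone numbers": one listed UID, one ex-directory (hashed) UID.
    "0xBBBB0002": ["Bob Example <bob@example.net>",
                   hash_uid("bob.private@example.net")],
}


def find_keys(email, keyring=KEYRING):
    """Return key IDs carrying a hashed UID for an address the caller knows."""
    target = hash_uid(email)
    return sorted(k for k, uids in keyring.items() if target in uids)


def readable_uids(keyring=KEYRING):
    """What someone browsing the keyring can read without knowing any address."""
    return {k: [u for u in uids if not u.startswith(PREFIX)]
            for k, uids in keyring.items()}


def match_candidates(candidates, keyring=KEYRING):
    """Limit of the scheme: any list of guessed addresses can be tested."""
    hits = {}
    for addr in candidates:
        keys = find_keys(addr, keyring)
        if keys:
            hits[addr] = keys
    return hits


if __name__ == "__main__":
    print(find_keys(" Alice.Shop@Example.org "))
    print(readable_uids())
    print(match_candidates(["x@example.org", "bob.private@example.net"]))
```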