On 03/10/2011 03:09 PM, Hauke Laging wrote:

> You have validated my key (among others) and I (among others) have validated
> Ben's. Now you want to validate Ben's key indirectly. Ben's key has ten
> signatures, the one by my key is the only one usable for you. The next person
> who tries to validate finds another signature useful. It's perfectly OK for me
> that you can see that I have signed Ben's key but why should others know
> that?
> Why should you be able to find out who are the other ones who have made
> signatures for Ben's key?
>
> I would make a local signature if I would not want to let anyone know that I
> have verified the key. But in that case you could not verify Ben's key, which I
> am willing to enable. The motto is: Don't reveal more than necessary. You have
> to reveal something in order to make the whole thing work but you don't have
> to reveal all.
How do hashed user IDs address this particular question? You don't need to care about the User IDs on keys if you just want to map relationships. If i'm mapping relationships, and i decide from that mapping that a particular keyholder is "interesting", *then* the hashed User IDs might become a minor stumbling block in my figuring out who the keyholder is in the "real world".

But the point of User IDs is to bind human-intelligible (and therefore likely low-entropy) "real world" information to keys. So if i have reasonable computer resources at my disposal, reversing the digest of low-entropy material seems like a possibility.

If you want to keep the fact that one keyholder has verified another keyholder's identity secret, you cannot solve that by obscuring the User IDs. The right way to solve that is with non-exportable OpenPGP certifications, which must be passed between users explicitly. For example:

"Hi Bob, I'm Alice. Charles vouches for my identity as you can see from this non-exportable cert."

In this example, Charles does not want the world to know that he has certified Alice's key. But he's willing to let Alice decide who knows this information, so he gives her a copy of his non-exportable cert. After Alice has introduced herself to Bob this way, both B and A know about the C->A certification, but the rest of the world is still at a loss.

Either B or A could share this certificate with anyone else, of course. It's out of C's hands as soon as he gave a copy of the non-exportable cert to A.

--dkg
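The non-exportable certification dkg describes is a concrete bit in the OpenPGP signature packet: RFC 4880 signature subpacket type 4 ("Exportable Certification"), which a local signature (GnuPG's `lsign`) sets to 0, and which a conforming implementation must honour by not exporting the certification. The following added example (my own code, not part of this thread or of GnuPG) builds two minimal v4 certification packets with a dummy signature MPI, parses their hashed subpackets, reads the exportable flag, and applies the export filter an OpenPGP implementation would apply before publishing a key. The issuer key ID and creation time are constructed sample values.

```python
import struct

# OpenPGP signature subpacket types (RFC 4880 section 5.2.3.1)
SIG_CREATION_TIME = 2
EXPORTABLE_CERT = 4
ISSUER = 16


def _subpkt(typ: int, body: bytes) -> bytes:
    """Encode one subpacket with the one-octet length form (lengths < 192)."""
    return bytes([len(body) + 1, typ]) + body


def build_v4_cert_sig(exportable: bool, issuer_keyid: bytes, created: int) -> bytes:
    """Construct a minimal v4 generic-certification packet (sig type 0x10).
    The MPI is a dummy: this packet illustrates structure, it does not verify."""
    hashed = _subpkt(SIG_CREATION_TIME, struct.pack(">I", created))
    if not exportable:
        # Exportable Certification subpacket, value 0 = "not exportable" (a local signature)
        hashed += _subpkt(EXPORTABLE_CERT, b"\x00")
    unhashed = _subpkt(ISSUER, issuer_keyid)
    body = bytes([4, 0x10, 1, 8])  # version 4, cert type 0x10, RSA, SHA-256
    body += struct.pack(">H", len(hashed)) + hashed
    body += struct.pack(">H", len(unhashed)) + unhashed
    body += b"\xab\xcd"  # left 16 bits of the signed hash (dummy)
    mpi = b"\x01" * 32
    body += struct.pack(">H", len(mpi) * 8) + mpi
    # old-format packet header: tag 2 (signature), two-octet length
    header = bytes([0x80 | (2 << 2) | 1]) + struct.pack(">H", len(body))
    return header + body


def parse_subpackets(data: bytes) -> list:
    """Split a subpacket region into (type, body) pairs, handling all three length forms."""
    out, i = [], 0
    while i < len(data):
        first = data[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
        else:
            length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
        typ = data[i] & 0x7F  # mask off the "critical" bit
        out.append((typ, data[i + 1:i + length]))
        i += length
    return out


def inspect_cert_sig(packet: bytes) -> dict:
    """Parse an old-format signature packet and report whether it may be exported."""
    ctb = packet[0]
    if not (ctb & 0x80) or (ctb & 0x40):
        raise ValueError("expected an old-format packet header")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 3
    if ltype == 0:
        body = packet[2:2 + packet[1]]
    elif ltype == 1:
        body = packet[3:3 + struct.unpack(">H", packet[1:3])[0]]
    else:
        raise ValueError("unsupported length type for this example")
    version, sig_type, _pk_alg, _hash_alg = body[:4]
    hashed_len = struct.unpack(">H", body[4:6])[0]
    hashed = parse_subpackets(body[6:6 + hashed_len])
    off = 6 + hashed_len
    unhashed_len = struct.unpack(">H", body[off:off + 2])[0]
    unhashed = parse_subpackets(body[off + 2:off + 2 + unhashed_len])
    # Absent subpacket means exportable; only the hashed area is trustworthy for this flag.
    exportable = all(b[0] != 0 for t, b in hashed if t == EXPORTABLE_CERT)
    issuer = next((b.hex() for t, b in hashed + unhashed if t == ISSUER), None)
    return {"tag": tag, "version": version, "sig_type": sig_type,
            "exportable": exportable, "issuer": issuer}


def filter_for_export(sig_packets: list) -> list:
    """Drop non-exportable certifications, as an implementation must before exporting a key."""
    return [p for p in sig_packets if inspect_cert_sig(p)["exportable"]]


if __name__ == "__main__":
    keyid = bytes.fromhex("0123456789abcdef")  # constructed sample issuer key ID
    local_sig = build_v4_cert_sig(False, keyid, 1299787740)
    public_sig = build_v4_cert_sig(True, keyid, 1299787740)
    for p in (local_sig, public_sig):
        print(inspect_cert_sig(p))
    print(len(filter_for_export([local_sig, public_sig])), "certification(s) survive export")
```

The practical consequence for the thread's scenario: Charles's local certification never leaves his keyring via a normal export or keyserver upload, so Alice receives it only if he deliberately hands her the packet (GnuPG's `--export-options export-local-sigs` exists for exactly that), and from then on its spread is outside Charles's control, just as dkg says.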
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users