> Uh -- how? 

Because I have associated not only my real name,
but also my working email, and it is listed on my
company's home page. If people are trying to
follow you, they are not going with a presumption of
innocence, and too many things can help them
justify their doubt -- such as your timezone,
language style, grammar and spelling errors. To make
it worse, I was working in a very small industry
and there are only 3 companies providing such a service,
and I talked a lot about it in the past with my
online identity.

> This is a total dick move. Don't do this. You'll 
> make yourself a lot of enemies

I do not have to pick any real name, at least not
from any pgp user. I can just use a fake name
generator, put those names under my company's
domain, or just add my colleague's email to it --
they will never notice. Even if they do, they can
only see their UID under a revoked key, and it
looks just like other ancient garbage keys in the
server. I will try to make it as harmless as
possible. 

The only problem is how the pgp key server
handles 2 public keys with duplicated
timestamps. If I cannot insert some fake UIDs
before my real one, the whole thing will be
pointless.
 
Sent: Monday, January 15, 2018 at 3:13 PM
From: "Robert J. Hansen" <r...@sixdemonbag.org>
To: gnupg-users@gnupg.org
Subject: Re: Hide UID From Public Key Server By Poison Your Key?
> Let's say you have accidentally associated your
> real name to the key under your online name and
> uploaded it to a public key server, which allows
> anyone to connect your online identity to the
> person in real life.

Uh -- how?

There is no mechanism in the keyserver to do this. That's why you have
to validate certificates you receive from the keyserver. The fact
there's a UID named "Robert J. Hansen <r...@sixdemonbag.org>" on key
0xB44427C7 provides you with precisely *zero* evidence that I'm Rob
Hansen or that Rob Hansen even exists. For all you know my name is
Maurice Micklethorpe.

> Since you can never remove
> anything from the public key server, you are
> wondering if you can add something to it -- for
> example, add another 100 UIDs with other
> people's real names and emails so people cannot
> find out which one is yours, and append another
> 100 digital signatures so people get tired
> before figuring out which one is from a valid user.

I rarely use language like this, but this time I think it's warranted:

This is a total dick move. Don't do this. You'll make yourself a lot
of enemies, and if you pick the wrong real names and emails, some of
those people are pretty damn good at figuring out what's going on.

Don't put real names and emails belonging to other people on your cert.
It's *rude*. If someone goes looking for "Robert J. Hansen
<r...@sixdemonbag.org>" I want them to see one cert is newest and I want
them to use that one. If you go about putting my name and email address
on your cert, I'm going to get cross.

Again: this is a total dick move. Don't do this.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users