[Discuss] privacy with pgp keys

[m.m.rajwadkar at ieee.org (Mayuresh Rajwadkar)]

hi

http://pgp.mit.edu/pks/lookup?search=b5d1f0f4&op=index

That uploaded key as a MD5 and SHA224 of the ID aka email...
One can verify that the email and fingerprint I provide will match up to
those hashes..
Its not entirely impossible...

I do appreciate Derek's concern...

In my example I have used a UUID, which is the ultimate but one can use a
FirstName/LastName
which can be a little bit liberal, than providing an email address,
embedding a thumb-print jpeg, or
a IRIS-scan jpeg, or providing some kind of  DNA fingerprint/sequence would
be kind a overly  liberal  ? than
just an email address, which is also possible... if privacy is no
concern...

Mayuresh











On Thu, Sep 10, 2015 at 1:30 PM, Derek Martin <invalid at pizzashack.org>
wrote:

> On Thu, Sep 10, 2015 at 12:52:55PM -0400, John Abreau wrote:
> > If a key has been stripped of all traces of the owner's identity, I don't
> > see how it would be possible to adequately verify trust of that key
> during
> > the keysigning party.
>
> Or when you are sending them e-mail.  Or at any other time.  Positive
> identification of the recipient is generally part of what is required,
> so that you do not, say, encrypt company secrets to your competitor,
> instead of your coworker, for example.
>
> --
> Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
> -=-=-=-=-
> This message is posted from an invalid address.  Replying to it will
> result in
> undeliverable mail due to spam prevention.  Sorry for the inconvenience.
>
>