Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] privacy with pgp keys

On Thu, Sep 10, 2015 at 04:23:42PM -0400, Mayuresh Rajwadkar wrote:
> hi
> That uploaded key as a MD5 and SHA224 of the ID aka email...
> One can verify that the email and fingerprint I provide will match up to
> those hashes..
> Its not entirely impossible...
> I do appreciate Derek's concern...
> In my example I have used a UUID, which is the ultimate but one can use a
> FirstName/LastName
> which can be a little bit liberal, than providing an email address,
> embedding a thumb-print jpeg, or
> a IRIS-scan jpeg, or providing some kind of  DNA fingerprint/sequence would
> be kind a overly  liberal  ? than
> just an email address, which is also possible... if privacy is no
> concern...

I don't think you understand.

A PGP key pair is an identity.

If you want to link that identity to you, a legal person of some
kind, then you can go through a key-signing party, or several
equivalents, in which you prove to people who you are and that
you control the key pair, and they attest to that.

If you don't want to link the key identity to you, the person,
then you simply don't go through a key-signing party.

If you want to make several key pairs and only link one of them
to you, you can do that by only bringing the one you want linked
to the key-signing party.


BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /