BLU Discuss list archive
[Discuss] privacy with pgp keys
- Subject: [Discuss] privacy with pgp keys
- From: abreauj at gmail.com (John Abreau)
- Date: Thu, 10 Sep 2015 18:53:00 -0400
- In-reply-to: <55F20751.4040207@riseup.net>
- References: <CALggPSnKM8sz3kAWQUwOMSgzpKMEQSxtzaeU6FfYN2H6H7vBpQ@mail.gmail.com> <CAFv2jcbnt1FRNnX9=SXfY4mfaHauup2P2RzayxhKzHX6XUsetA@mail.gmail.com> <20150910173020.GA8891@dragontoe.org> <CALggPSnC4cHMRTZWHyduVjHBtU2U9W-YW-pV-4yTTe0qxqknfQ@mail.gmail.com> <55F20751.4040207@riseup.net>
I have to agree. It's not just ill-suited to PGP, it's also a major obstacle to verifying trust at a keysigning party. It may be workable one-on-one where the other party is strongly motivated to verify your key, but it's far too onerous for a mass keysigning event.

On Thu, Sep 10, 2015 at 6:42 PM, Chris Markiewicz <effigies at riseup.net> wrote:

> On 09/10/2015 04:23 PM, Mayuresh Rajwadkar wrote:
> > hi
> >
> > http://pgp.mit.edu/pks/lookup?search=b5d1f0f4&op=index
> >
> > That uploaded key as a MD5 and SHA224 of the ID aka email...
> > One can verify that the email and fingerprint I provide will match up to
> > those hashes..
> > It's not entirely impossible...
>
> If I understand you properly, when somebody wants to communicate with
> you, you would tell them something like:
>
> > Take my name and email address, and run the following commands:
> > $ UID='NAME <EMAIL>'
> > $ echo -n $UID | md5sum
> > $ gpg --search-keys `echo -n $UID | sha224sum | sed -e 's/ .*//'`
> >
> > Check the MD5 sums are the same, and make a note of the UUID, so you
> > can use it whenever you want to encrypt something (or put it in your
> > enigmail rules)
>
> At that point, why not simply use something like minilock
> (https://minilock.io/), where you just publish a 46-character public key?
>
> > I do appreciate Derek's concern...
> >
> > In my example I have used a UUID, which is the ultimate but one can use a
> > FirstName/LastName
> > which can be a little bit liberal, than providing an email address,
> > embedding a thumb-print jpeg, or
> > an IRIS-scan jpeg, or providing some kind of DNA fingerprint/sequence would
> > be kind a overly liberal ? than
> > just an email address, which is also possible... if privacy is no
> > concern...
>
> This honestly just sounds ill suited to PGP. Given that PGP isn't very
> popular, and is already inconvenient to learn and use, I'm not sure that
> augmenting it with an extra layer of work for anybody wishing to
> communicate with you is really compelling. Avoiding spam seems like a
> losing proposition, no matter what.

--
John Abreau / Executive Director, Boston Linux & Unix
Email: abreauj at gmail.com / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6