[Discuss] privacy with pgp keys
Mayuresh Rajwadkar
m.m.rajwadkar at ieee.org
Thu Sep 10 16:23:42 EDT 2015
hi
http://pgp.mit.edu/pks/lookup?search=b5d1f0f4&op=index
That uploaded key as a MD5 and SHA224 of the ID aka email...
One can verify that the email and fingerprint I provide will match up to
those hashes..
Its not entirely impossible...
I do appreciate Derek's concern...
In my example I have used a UUID, which is the ultimate but one can use a
FirstName/LastName
which can be a little bit liberal, than providing an email address,
embedding a thumb-print jpeg, or
a IRIS-scan jpeg, or providing some kind of DNA fingerprint/sequence would
be kind a overly liberal ☺ than
just an email address, which is also possible... if privacy is no
concern...
Mayuresh
On Thu, Sep 10, 2015 at 1:30 PM, Derek Martin <invalid at pizzashack.org>
wrote:
> On Thu, Sep 10, 2015 at 12:52:55PM -0400, John Abreau wrote:
> > If a key has been stripped of all traces of the owner's identity, I don't
> > see how it would be possible to adequately verify trust of that key
> during
> > the keysigning party.
>
> Or when you are sending them e-mail. Or at any other time. Positive
> identification of the recipient is generally part of what is required,
> so that you do not, say, encrypt company secrets to your competitor,
> instead of your coworker, for example.
>
> --
> Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
> -=-=-=-=-
> This message is posted from an invalid address. Replying to it will
> result in
> undeliverable mail due to spam prevention. Sorry for the inconvenience.
>
>
More information about the Discuss
mailing list