Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] privacy with pgp keys



I have to agree. It's not just ill-suited to PGP, it's also a major
obstacle to verifying trust at a keysigning party. It may be workable
one-on-one where the other party is strongly motivated to verify your key,
but it's far too onerous for a mass keysigning event.



On Thu, Sep 10, 2015 at 6:42 PM, Chris Markiewicz <effigies at riseup.net>
wrote:

> On 09/10/2015 04:23 PM, Mayuresh Rajwadkar wrote:
> > hi
> >
> > http://pgp.mit.edu/pks/lookup?search=b5d1f0f4&op=index
> >
> > That uploaded key as a MD5 and SHA224 of the ID aka email...
> > One can verify that the email and fingerprint I provide will match up to
> > those hashes..
> > It's not entirely impossible...
>
> If I understand you properly, when somebody wants to communicate with
> you, you would tell them something like:
>
> > Take my name and email address, and run the following commands:
> > $ KEY_UID='NAME <EMAIL>'
> > $ echo -n "$KEY_UID" | md5sum
> > $ gpg --search-keys `echo -n "$KEY_UID" | sha224sum | sed -e 's/ .*//'`
> >
> > Check the MD5 sums are the same, and make a note of the UUID, so you
> > can use it whenever you want to encrypt something (or put it in your
> > enigmail rules)
>
> At that point, why not simply use something like minilock
> (https://minilock.io/), where you just publish a 46-character public key?
>
> > I do appreciate Derek's concern...
> >
> > In my example I have used a UUID, which is the ultimate but one can use a
> > FirstName/LastName
> > which can be a little bit liberal, than providing an email address,
> > embedding a thumb-print jpeg, or
> > an IRIS-scan jpeg, or providing some kind of DNA fingerprint/sequence would
> > be kind of overly liberal? than
> > just an email address, which is also possible... if privacy is no
> > concern...
>
> This honestly just sounds ill suited to PGP. Given that PGP isn't very
> popular, and is already inconvenient to learn and use, I'm not sure that
> augmenting it with an extra layer of work for anybody wishing to
> communicate with you is really compelling. Avoiding spam seems like a
> losing proposition, no matter what.



-- 
John Abreau / Executive Director, Boston Linux & Unix
Email: abreauj at gmail.com / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org