-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Friday 2 May 2014 at 4:34:30 AM, in <mid:[email protected]>, Daniel Kahn Gillmor wrote: > but i don't see the > advantage of someone else publishing claims that i am > the same person holding two different keys. Agreed, that is an awful idea. > people using the keyservers to document > social relationships that they are not involved in; i > don't think that's a good idea. People wishing to do this already use signatures and UIDs to add their message to the background noise on the keyservers. "KeyA and KeyB are controlled by the same person" would be merely inconsequential noise unless it were a claim made by both KeyA and KeyB. > One way that gpg makes certifications > directly on the primary key itself is when you revoke a > key. I don't know if there are other mechanisms in gpg > to expose that sort of thing. This shows the code is already there to make certifications directly on the primary key. > I tend to see it the other way; i'd want to know > specifically how the proposed information is supposed > to be useful *first*, and then (if it's a compelling > enough case) we can talk about how to specify it. I guess there is also the option for somebody who wished to run tests and maybe standardise later if something useful came out of it. > --ask-cert-level fails this test, for example. I always thought that seemed like it ought to be a useful thing to consider when making a certification. > We > don't actually make use of that data in any certificate > validation algorithm, so publishing it just produces a > richer social graph than we need to publish, and > doesn't benefit anyone other than folks who want to > data mine the social graph on the keyservers. That's a > net loss in my opinion. I consider to be a loss, the publication of any un-necessary information that allows a person to be identified or their associations analysed. - -- Best regards MFPA mailto:[email protected] Nothing a Pan-Galactic Gargle Blaster won't cure! -----BEGIN PGP SIGNATURE----- iPQEAQEKAF4FAlNjsfVXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5p6NkD/RalxmeLVx8JSHkuwL/TMee70d1utPH8tmJk AvKBDcXkunFwT8KyoLU/M3uTVp7R2ajPtNc7Qmu2NJn/qV/U/DIGDPOJX6rzujjL vMI6hbvULcoAMAA2ql3MDeTRFQ42FzQYkd7wGIHmBBiwL33lVzAdJW23TkRBL8qL w4Tf0Zsf =0if5 -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
