I thought I'd sent this one to the list, but it just went to MFPA :-( Here it is one more time
On 28 Feb 2011, at 22:40, MFPA wrote: >> <snip/> > > > I think key UIDs generally reveal more information than I am > comfortable with. For example, why does your UID need to contain your > email address in plain text rather than as a hash? Searching for that > email address would need to return any keys that matched on the hashed > version in addition to any keys that matched on the plaintext version. > Somebody knowing the email address (or name or hostname) could find > the key but mere inspection of the key UIDs would not reveal all its > owner's names, email addresses, etc. The domain part of an email address is case-neutral, so you could take a standard (say, convert to lower case) and then hash that; but the local part of the email address *need not* be case-insensitive - Andrew.Long *might* be different to andrew.long. Then you don't know *how* to hash the address. Regards, Andy -- Andrew Long andrew dot long at mac dot com
PGP.sig
Description: This is a digitally signed message part
_______________________________________________ gpgtools-users mailing list [email protected] FAQ: http://www.gpgtools.org/faq.html Changes: http://lists.gpgtools.org/mailman/listinfo/gpgtools-users Unsubscribe: http://lists.gpgtools.org/mailman/options/gpgtools-users/[email protected]?unsub=Unsubscribe&unsubconfirm=1 This email sent to: [email protected]
