Is it normal for a vendor to have his gmail/hotmail email on his pgp key.
Vendors clearnet email when importing PGP key.
Is it normal for a vendor to have his gmail/hotmail email on his pgp key.
[3 Points] Anti-Hero_AU:
[1 Points] None:
Dude...its probably a fake, made up email address!!!! Well, its what i did :-)
[1 Points] 2cbking:
Yes, and absolutely nothing to be concerned about or even thinking about. People have came to having deluded beliefs that the simple presense of something like a gmail address is some big security / opsec issue. Its not. First of all, its almost certainly an email created with entirely bogus information, nothing that could be used to identify the person using it. Second, its really just an index, its not used for anything but to lookup that emails key in a key database, if it was even put in one. Which is probably wasnt. BTW, all email is clearnet. Just because you connect to some email provider with Tor (like sigaint for example) doesnt mean the email you send and receive it sent over Tor. It all goes over clearnet, the only Tor communication is between you and the mail website. This is why you use PGP in the first place. A TOR email provider is no more safe and secure than a clearnet provider. In fact, it could be argued that it is less safe. Why people believe a darknet email provider ran by god knows who with what motives is more secure than say Gmail is beyond me. At least with gmail you know who you are dealing with. But again, this is the whole reason for PGP, so you dont have to trust the medium you use to send the message. You shouldnt trust sigaint, mail2tor, hushmail, gmail or anyone with the privacy of your messages. You encrypt with PGP so you dont have to trust them.
[1 Points] None:
When you create a PGP key you can type in any email! Even "b.obama@whitehouse.gov" if you wanted.
They're not the best providers for the task at hand, however, everything could be PGP encrypted with strong ciphers/key lengths...
It doesn't have eg. "rossulbricht@gmail.com" (vendors' IRL name) though, does it?