Ah, but surely there's a problem with this idea? If you communicate with me
in the clear, you will know my email address to be
"[EMAIL PROTECTED]". If you hit the reply button following a
communication with me, your message will reach me. BUT - if you then decide
that you want to communicate with me securely, your first action would
presumably be to look up "[EMAIL PROTECTED]" on a keyserver. It will
not be found, because it won't be there, so you will assume that I'm not
PGP-savvy, and not bother. (Or at least, I'm guessing some people might).

Unless (and I'm hoping someone will confirm or deny this) there is some way
to configure things so that if one looks up "[EMAIL PROTECTED]" on a
keyserver then what would be returned would be my SECURE email address, not
my insecure one. Is this possible?

My first thought is to generate a new (secure) email address which includes
the old (insecure) address as a substring (for example
"[EMAIL PROTECTED]"). Will this work? I don't know enough about
keyservers to know the answer to that one.

Oh yes - one last question... You said "but as a private individual the
volume is not going to be crippling". Roughly how much volume are we talking
about here?


-----Original Message-----
From: Peter Clay [mailto:[EMAIL PROTECTED]
Sent: Monday, June 09, 2003 4:14 PM
Subject: Re: Keyservers and Spam

On Mon, 9 Jun 2003 [EMAIL PROTECTED] wrote:

> Hi,
> It seems to me that the possibilty that spammers might harvest PGP
> keyservers for email addresses is a serious disincentive to using
> keyservers. Does anyone have any thoughts on this?

Solution: Have two addresses, a "secure" and "non-secure" one. Discard
all mail to the secure one that's not encrypted. OK, so you have to
process and discard it, but as a private individual the volume is not
going to be crippling.

Peter Clay                                         | Campaign for   _  _|
                                                   | Digital       /  / | |
                                                   | Rights!       \_ \_| |
                                                   | http://www.ukcdr.org

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to