> My first thought is to generate a new (secure) email address which includes
> the old (insecure) address as a substring (for example
> "[EMAIL PROTECTED]"). Will this work? I don't know enough about
> keyservers to know the answer to that one.

I don't know about all pgp key servers, but the one I am  familiar with
searches on whatever text you have added to the data packet with your public key,
as well as on signers  and other things.  

It would be feasible to create a PGP-only (or -mostly) email alias,
make that the sole email address in your key stored in pgp key servers.

On the other hand, on the particular key server I am familiar with,
_all text_ you put in the trusted data can be discovered.  Other key servers
may have additional controls.

If you have ever had a key stored in such a key server with many addresses
you do not want discovered, it is very difficult (probably impossible)
to rectify this problem; revocation does not solve it.

I have no idea how important a source of email addresses this 
represents; maybe someone has some empirical data on that.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to