At 11:51 AM 6/9/03 +0100, [EMAIL PROTECTED] wrote: >Hi, > >It seems to me that the possibilty that spammers might harvest PGP >keyservers for email addresses is a serious disincentive to using >keyservers. Does anyone have any thoughts on this?
Why not publish your key under a bogus name that goes no-where? Analgously: I don't publish my name with my phone number, I am listed under a nym. (Its free, and being unlisted isn't.) If I need to tell someone how to look me up if they're in town (and if they've forgotten the phone number I've personally given them) I refer them to the alias. The alias is somewhat mnemonic (my housecat's name) so they can remember it. Its more convenient if key recipient can rename the key so your tools automatically recognize it. BTW, here's another reason not to publish your address and keys. Aside from the fact that broadcast+stego communication is more discreet, what's to stop an <evil-country person> from sending *encrypted* mail to all the addresses on a server, serving two purposes: 1. stuffing the NSA's inbox with folks to watch 2. covering up his true communication partner. Probably the social-network-inference codes can filter most of this TLA-spam, but hitting innocents with blatantly encrypted messages from <evil-country du jour> would be an interesting hack. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
