At 11:51 AM 6/9/03 +0100, [EMAIL PROTECTED] wrote:
>It seems to me that the possibilty that spammers might harvest PGP
>keyservers for email addresses is a serious disincentive to using
>keyservers. Does anyone have any thoughts on this?

Why not publish your key under a bogus name that goes no-where? 

Analgously: I don't publish my name with my phone number, I am listed under
a nym.  (Its free, and being unlisted isn't.)  If I need to tell
someone how to look me up if they're in town (and if they've forgotten 
the phone number I've personally given them) I refer them to the alias.  
The alias is somewhat mnemonic (my housecat's name) so they can remember it.

Its more convenient if key recipient can rename the key so your tools
automatically recognize it.

BTW, here's another reason not to publish your address and keys.
Aside from the fact that broadcast+stego communication is more discreet, 
what's to stop an <evil-country person> from sending *encrypted* mail
to all the addresses on a server, serving two purposes: 1. stuffing
the NSA's inbox with folks to watch 2. covering up his true communication
partner.  Probably the social-network-inference codes can filter most
of this TLA-spam, but hitting innocents with blatantly encrypted messages
from <evil-country du jour> would be an interesting hack.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to