The solution to this problem is simple. We want to be able to look up keys on the key servers by email address or user name or keyid. But we don't want the system to be useful for spam harvesting.
Simply require that lookups be by valid email address or user name. Eliminate the wildcard searching. Then spammers won't be able to find email addresses in a very efficient or useful way.

Now, it may be argued that this is too strict, that we do need some wildcard searches because of slight variations in spelling of email addresses and names. Fine, we can allow this without allowing full wildcarding. Supporting a "loose search" mode where some letters are different or some email hostname components vary will solve the problem without letting spammers snarf the whole keyring.

Keep in mind, first, that there are many other sources of email addresses on the net, and second, that many (or most!) of the keys on the keyservers use obsolete email addresses. Key servers are not a fat target for spammers. But the trivial measures above would go a long way towards eliminating the problem.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
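The lookup rule proposed in the message above, sketched as an added example that is not part of the original post and not any keyserver's actual code. The keyring entries, the names `lookup`, `same_site` and `edit_distance`, and the tolerances (one edited letter, hosts sharing their last two labels, a result cap) are assumptions chosen for illustration.

```python
import re

# Constructed sample keyring: (key id, email from the user ID). Not real keys.
KEYRING = [
    ("0xA1B2C3D4", "alice@example.org"),
    ("0x11223344", "alice@mail.example.org"),
    ("0x55667788", "alise@example.org"),
    ("0x99AABBCC", "bob@example.net"),
    ("0xDDEEFF00", "alicia@example.com"),
]

# A query must be one complete address; '*' and bare fragments do not match.
ADDR_RE = re.compile(r"^[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")
MAX_EDITS = 1      # assumed tolerance for misspelled local parts
MAX_RESULTS = 5    # assumed cap so one query never returns a bulk listing


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def same_site(host_a, host_b):
    """True if hosts share their last two labels (naive: ignores co.uk-style suffixes)."""
    return host_a.split(".")[-2:] == host_b.split(".")[-2:]


def lookup(query, loose=False):
    """Return key ids for a complete email address; wildcards and fragments are refused."""
    query = query.strip().lower()
    if not ADDR_RE.match(query):
        raise ValueError("query must be a complete email address")
    q_local, q_host = query.split("@")
    hits = []
    for keyid, addr in KEYRING:
        local, host = addr.lower().split("@")
        exact = (local, host) == (q_local, q_host)
        near = loose and same_site(host, q_host) and edit_distance(local, q_local) <= MAX_EDITS
        if exact or near:
            hits.append(keyid)
    return hits[:MAX_RESULTS]
```

Each loose query still has to name a full candidate address, so enumerating the keyring would take one guess per address rather than one wildcard request.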