-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Wednesday 9 March 2011 at 1:39:35 PM, in <mid:[email protected]>, Robert J. Hansen wrote: > 3. Deploying this scheme means: > (a) people can no longer do fuzzy searches for > email addresses ("show me all user IDs that > look like this pattern") > (b) finding > people's certificates may be made more > difficult due to (a) Certificates with only hashed user IDs would be harder to find than those that contain the actual name and email address. But easier to find than those that show spurious information or contain no email address or name at all. > 4. My suspicion is the number of users covered by (2) > is pretty small. My suspicion is the number of users > impacted by (3) is pretty large. My suspicion is we do > not have a very good handle on just how difficult we > need to make things, given the resources available to > spammers in (1a). After generating the list of possible email addresses, why would a spammer generate the hashes and search for keys instead of simply blasting out messages to the whole lot? - -- Best regards MFPA mailto:[email protected] Wisdom is a companion to age; yet age may travel alone. -----BEGIN PGP SIGNATURE----- iQE7BAEBCgClBQJNe9McnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pEYMD/3Q/ Qt8LnJvVjv4Bb88jeiMBFxETBKcfkeJsY5u+dICB9lS7JmKzGoR6gzTod/mZdTMV 9+NuLrlDXcOxQfRZTdd38z6YIf6nBgmRSvAxzG7DH/WCxGVoQkChNV13+pY/rf6c BBFW2gf/DruOyWHh6jN3IV8YDjdM1p1+0NUAgu71 =3R5z -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
