On 1/26/2012 6:41 PM, MFPA wrote: > The use of the word "harvesting" in this context suggests to me a > concern about spamming rather than about privacy.
The use is correct. Spamming is what someone does once they have your private information: harvesting is the act of collecting. > And I would like the ability to protect my name as well as (or > instead of) my email address. One windmill at a time, my ingenious gentleman of La Mancha. > Is "without requiring any extensions" a necessary requirement? "Necessary" is a strong word. The consequence of extending it is you get to be the one to write the extensions (both in RFC and source-code form) and maintain them across a whole raft of other operating systems and hardware configurations. > If a solution were feasible that required an extension or a local > proxy to handle the keyserver queries, why should it be discarded? A local proxy is not an extension. An extension means "we're going to break conformance with the OpenPGP spec" or "we're going to break compatibility with the SKS keyserver network." If you break conformance with the OpenPGP spec, then you get to build the new spec. If you break compatibility with the SKS network, then you get to build a new network to replace it. > Why would a spammer network bother to generate email addresses and > submit them as keyserver queries, rather than just sending spam out > to them all? I have been waiting for you to realize this. *Even if you solve the key enumeration problem, you solve nothing.* It doesn't get you anything, because the email enumeration problem is just as bad. > For want of a better analogy, the names and email addresses readable > from User IDs on the keyservers are akin to listings in the phone > book. The names and email addresses that cannot be read because they > are obscured in blinded User IDs are akin to unlisted phone numbers. And yet, my two unlisted cell phones both routinely get robocalls and telemarketers. They, too, work by enumeration. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users