I apologize if this has been discussed before, but wouldn't it make sense to run email addresses through a one-way hash before uploading them to a keyserver? It seems trivial for spammers to scrape all uploaded keys for addresses at this point in time.
For example, I upload a key associated with address [email protected] to an SKS keyserver. Rather than having the key associated with "[email protected]", I think it would make more sense for it to be associated with and searchable by hash XYZ. Therefore, public keys are all still accessible and public, but a user would need to have the knowledge of email address "[email protected]" before using the key (rather than just "browsing" a dump).
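
The lookup scheme proposed in this message, sketched as an added example (not part of the original post, and not SKS or GnuPG code). The `HashedKeyIndex` class, the choice of SHA-256, the address normalization and the placeholder key strings are all assumptions, as is the premise that the stored key carries no cleartext user ID. The last function shows the limit of the idea: an unsalted digest hides an address only from someone who cannot guess it.

```python
import hashlib


def normalize(email: str) -> str:
    # Assumption: addresses are matched case-insensitively, ignoring outer whitespace.
    return email.strip().lower()


def email_digest(email: str) -> str:
    # Assumption: SHA-256 stands in for the "one-way hash" of the proposal.
    return hashlib.sha256(normalize(email).encode("utf-8")).hexdigest()


class HashedKeyIndex:
    """Hypothetical keyserver index keyed by address digest, never by address."""

    def __init__(self):
        self._by_digest = {}

    def upload(self, email: str, key_blob: str) -> None:
        self._by_digest.setdefault(email_digest(email), []).append(key_blob)

    def lookup(self, email: str) -> list:
        # The searcher must already know the address to compute the digest.
        return list(self._by_digest.get(email_digest(email), []))

    def dump(self) -> dict:
        # What someone browsing a full dump would see: digests and keys only.
        return {d: list(keys) for d, keys in self._by_digest.items()}


def guessable(dump: dict, candidates: list) -> list:
    # Limit of the scheme: any guessed address can be tested against the dump,
    # so common or previously leaked addresses are not protected by the digest.
    return sorted(c for c in candidates if email_digest(c) in dump)


def demo() -> HashedKeyIndex:
    # Constructed sample data; the key strings are placeholders, not real keys.
    idx = HashedKeyIndex()
    idx.upload("Alice@Example.org", "KEY-A (constructed placeholder)")
    idx.upload("bob@example.org", "KEY-B (constructed placeholder)")
    return idx


if __name__ == "__main__":
    index = demo()
    print(index.lookup("alice@example.org"))
    print(list(index.dump()))
    print(guessable(index.dump(), ["carol@example.org", "bob@example.org"]))
```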
