-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Monday 28 April 2014 at 5:49:30 PM, in <mid:cadecvyctpq8fncmfoexxjtygyaspc6ymerqdt72duw2focl...@mail.gmail.com>, John Wofford wrote: > I apologize if this has been discussed before, I have taken part in such discussions before. A quick search suggests to look in the list archives for around July 2010, Feb/March 2011, and January 2012. > but > wouldn't it make sense to run email addresses through a > one-way hash before uploading them to a keyserver? I would love to do this for both email addresses and names, for privacy reasons. > It > seems trivial for spammers to scrape all uploaded keys > for addresses at this point in time. Probably quicker and easier for spammers to just randomly generate addresses. And there will be so many out-of-date email addresses on the keyservers that it would not be worth the effort to scrape them. I have a key on the servers for just over four years now with a valid address that has been used for no other purpose and has not received a single email. OK, not a statistically valid experiment but I'm sure plenty of others have done similar. > For example, I upload key associated with address > [email protected] to an SKS keyserver. Rather than > having the key associated "[email protected]", I > think it would make more sense to associate and be > searchable by hash XYZ. In previous discussion, knowledgeable people tell me they see little-to-no merit in the suggestion. > Therefore, public keys are all > still accessible and public, but a user would need to > have the knowledge of email address > "[email protected]" before using the key (rather > than just "browsing" a dump). There is little or no evidence of this type of spam. - -- Best regards MFPA mailto:[email protected] To know what we know, and know what we do not know, is wisdom. -----BEGIN PGP SIGNATURE----- iPQEAQEKAF4FAlNe4ZNXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5p27sD/Ard/Mx55WfbPNnjIfM1D2mhvuVIKpwwzvPE FP0HBET0bXYRnGpxmxY8+vQyJDucELCfcITSb9e5KpR/dLq0lwznS/4fI2znBUq+ VRL25WA6WKBHEKT9qOtECSk6I2dah+BnJWB+B/+T/7FsnSO3S9bByZ+95NJRDfk+ EkEKCQCQ =DA3e -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
