On 08/02/2013 21:32, Dave Cridland wrote:
Well there's also a harvesting problem to solve, I think. You need to
make it generally hard for a spammer to try all email addresses they
have to convert that list into a list of jids.
Obviously a bad server holding a copy of the table is the worst case here.
Maybe the info could somehow be hashed (with e.g. bcrypt), so that it
would not pose a problem for the client querying the information, but
make it significantly harder for a “bad” server to get a hold of the
(quite sensible) information.
This would also answer most privacy-related questions (even if a server
is not “bad”, keeping private data in a DHT has privacy issues).
--
Mathieu Pasquet
