Keyserver spam example

Hauke Laging mailinglisten at hauke-laging.de
Thu Jun 10 17:39:46 CEST 2010


On Thursday, 10 June 2010 16:00:18, David Shaw wrote:

> Periodically there is a discussion on this list about whether having your
>  key on a keyserver will result in more spam.  My feeling on this is that
>  you might get more spam, but it's a drop in the bucket compared to the
>  usual onslaught that streams in daily.

But that is the wrong argument. The correct argument is about the key server 
share of spam in a world in which nearly everyone has a public key. Of course, 
in that world signatures may be used to prevent spam. So the problem is mainly 
the meantime.

If you have an email address then you get spam. That is a reliable rule. But 
people cannot decide not to have an email address, that is virtually 
impossible. But people CAN decide not to have a public key (on key servers).

In my opinion we should see three important aspects:

1) The situation will change if PGP becomes more common (what we want).

2) This is not only about spam but about the protection of privacy. It is 
unacceptable that everyone can easily check who is in contact with whom via 
the clear text addresses and the web of trust. It was mentioned here that this 
can even be dangerous for people who get suppressed by their government.

3) Big parts of the problem are easy to solve. Don't export clear text names 
or addresses any more but their hash only. Store those clear texts separately 
from the keys like the trustdb file.

Apropos hash, if I may "advertise" one of my proposals (no relation to PGP)... 
I think that it makes sense to make more use of hashes, visible to the user. 
Using this for the protection of names and addresses in gpg could be a guide 
for other applications (solving other problems, though). This could even be 
used for a "new" security mechanism (see the end of the document).

For the part of the audience which can read German:
http://www.hauke-laging.de/ideen/diktierhilfehash/

And for the rest: The more or less great result of the Google translator... 
;-)
http://translate.google.de/translate?js=y&prev=_t&hl=de&ie=UTF-8&layout=1&eotf=1&u=http%3A%2F%2Fwww.hauke-laging.de%2Fideen%2Fdiktierhilfehash%2Findex_1_2.html&sl=de&tl=en


CU

Hauke
-- 
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
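
Added example, not part of the original message and not GnuPG code: a sketch of point 3 above, where the exported key carries only hashes of its user IDs and the clear-text names live in a separate local store. SHA-256, the lower-casing rule, the class and function names, and the sample key are all assumptions made for illustration.

```python
import hashlib
import re

def normalize(user_id):
    # Assumed rule: take the address from "Name <addr>" and lower-case it.
    m = re.search(r"<([^<>]+)>", user_id)
    return (m.group(1) if m else user_id).strip().lower()

def uid_hash(user_id):
    # Assumption: SHA-256; the message only says "hash".
    return hashlib.sha256(normalize(user_id).encode("utf-8")).hexdigest()

def export_key(fingerprint, user_ids):
    """Split a key into the exported record (hashes only) and a local name store."""
    hashes = [uid_hash(u) for u in user_ids]
    public_record = {"fingerprint": fingerprint, "uid_hashes": hashes}
    local_names = dict(zip(hashes, user_ids))  # kept locally, like the trustdb file
    return public_record, local_names

class KeyServer:
    """Hypothetical key server that indexes keys by user ID hash only."""
    def __init__(self):
        self._index = {}

    def upload(self, record):
        for h in record["uid_hashes"]:
            self._index.setdefault(h, set()).add(record["fingerprint"])

    def search(self, address):
        # A correspondent who already has the address can still find the key.
        return sorted(self._index.get(uid_hash(address), ()))

    def dump(self):
        # Everything a bulk download of the server would contain about user IDs.
        return sorted(self._index)

def display_name(h, local_names):
    # Clear text is shown only if the local store knows this hash.
    return local_names.get(h, "[unknown user ID %s]" % h[:16])

# Constructed sample data (not a real key).
SAMPLE_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_UIDS = ["Alice Example <Alice@example.org>", "Alice <alice@work.example>"]

def demo():
    server = KeyServer()
    record, names = export_key(SAMPLE_FPR, SAMPLE_UIDS)
    server.upload(record)
    return server, record, names
```

Lookup by a known address still works, so in this sketch the hash keeps addresses out of a bulk listing of the server, not away from someone who already has the address.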