hash email addresses / directory privacy enhancement
Hauke Laging
mailinglisten at hauke-laging.de
Mon Apr 28 21:15:30 CEST 2014
Am Mo 28.04.2014, 16:49:30 schrieb John Wofford:
> I apologize if this has been discussed before,
Yeah, I was the last one.
> sense to run email addresses through a one-way hash before uploading
> them to a keyserver?
Short answer: It would not work with typical email addresses because
their "key space" is too small, enumeration and hash checking would be
possible.
The real weapon against spammers would be a "transport web of trust"
i.e. a "transport signature" by a key which is considered valid for
delivering email. But that is ten years from now.
Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20140428/e2e930cf/attachment.sig>
More information about the Gnupg-users
mailing list