hash email addresses / directory privacy enhancement

Hauke Laging mailinglisten at hauke-laging.de
Mon Apr 28 21:15:30 CEST 2014


Am Mo 28.04.2014, 16:49:30 schrieb John Wofford:
> I apologize if this has been discussed before,

Yeah, I was the last one.


> sense to run email addresses through a one-way hash before uploading
> them to a keyserver?

Short answer: It would not work with typical email addresses because 
their "key space" is too small, enumeration and hash checking would be 
possible.

The real weapon against spammers would be a "transport web of trust" 
i.e. a "transport signature" by a key which is considered valid for 
delivering email. But that is ten years from now.


Hauke
-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20140428/e2e930cf/attachment.sig>


More information about the Gnupg-users mailing list