hash email addresses / directory privacy enhancement
vedaal at nym.hush.com
Tue Apr 29 20:18:40 CEST 2014
I don't know how much of a spam problem there is by having keyservers harvested for their e-mail addresses,
but if indeed it does become a problem, then maybe at that point, the e-mail addresses should not be listed on the keyserver.
When a person generates a new key, the e-mail required by GnuPG for key generation can be listed as something benign such as
name at my.keys
The key will still be identified by the fingerprint, and the e-mail address can be given out by the owner to whomever she/he wants to give it to.
Many keys no longer have the original e-mail address as when they were generated, so the question becomes:
"If the key is accessible by the fingerprint and key name, and people consider the fingerprint the most trustable identifier of the key,
and an attacker cannot forge a key with the same fingerprint, then why is it necessary to have the e-mail address on the keyserver at all?"
vedaal
More information about the Gnupg-users mailing list