email hashes in PGP keys as protection against spam

Daniel Kahn Gillmor dkg at
Mon Oct 5 06:28:31 CEST 2009

Hi Hauke--

Interesting proposal (about digesting User IDs), but i suspect that the
ietf's openpgp working group is a better place to discuss this kind of
change than the tool-specific gpg-devel list.

For that reason, i'm sending my reply there, and i've set Reply-To there
as well.  i hope that's OK with you.

On 10/04/2009 10:08 PM, Hauke Laging wrote:
> The description is on my web site:
> Of course, I am interested in comments in order to improve the concept if 
> necessary.

 (full message here: )

some questions your proposal raises for me:

 0) you only talk about digesting the e-mail part of the address.  what
about the human-specific name?  Would this need to be digested also?
Why or Why not?

 1) your proposal lacks a concrete example case; What would the User ID
for 'Jane Doe <jane at>' look like under this policy?  The
devil is often in the details, and an explicit example would help sort
out the details.

 2) Would the act of keysigning need to change under your proposal?  If
so, what would keysigners need to do differently than they currently do?



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20091005/757698eb/attachment.pgp>

More information about the Gnupg-devel mailing list