email hashes in PGP keys as protection against spam

Robert J. Hansen rjh at sixdemonbag.org
Mon Oct 5 21:14:42 CEST 2009


Hauke Laging wrote:
> My aim is to let people publish their keys without being afraid that *this* 
> action leads to (more) spam. Have you considered that some people are not 
> willing to use spam filters for certain addresses?

Sure, but this just goes to show you that people are awful at estimating
risks.  Take flying as an example: driving to the airport is the most
dangerous part of the trip, but people are more afraid of the plane
crashing than them getting into a fatal car accident.  Likewise, anyone
who keeps their keys off the keyservers because they're afraid of
getting spam is fantastically missing the point.

If this is really your aim, then I think this proposal needs to get shot
down.  The protocol can either address real concerns or else it can make
people feel better about things without actually doing anything at all.
 The former is engineering; the latter is snake-oil.

> A second reason to do this is privacy. There is no reason to allow easy 
> queries the email addresses somebody or an organization uses.

So run a private keyserver.  Bang, problem solved.




More information about the Gnupg-devel mailing list