email hashes in PGP keys as protection against spam
John at Mozilla-Enigmail.org
Mon Oct 5 22:31:07 CEST 2009
Robert J. Hansen wrote:
> Hauke Laging wrote:
>> My aim is to let people publish their keys without being afraid that *this*
>> action leads to (more) spam. Have you considered that some people are not
>> willing to use spam filters for certain addresses?
> Sure, but this just goes to show you that people are awful at estimating
> risks. Take flying as an example: driving to the airport is the most
> dangerous part of the trip, but people are more afraid of the plane
> crashing than them getting into a fatal car accident. Likewise, anyone
> who keeps their keys off the keyservers because they're afraid of
> getting spam is fantastically missing the point.
They are also not so good at estimating the incidence of "Keyserver SPAM".
Yes, it happens. But when I tried to measure it, it was of a level statistically
indistinguishable from random noise.
> If this is really your aim, then I think this proposal needs to get shot
> down. The protocol can either address real concerns or else it can make
> people feel better about things without actually doing anything at all.
> The former is engineering; the latter is snake-oil.
I see this proposal breaking a lot of applications to "solve" a minute level of
SPAM. It's a security blanket that really doesn't address the problem, only a
>> A second reason to do this is privacy. There is no reason to allow easy
>> queries the email addresses somebody or an organization uses.
> So run a private keyserver. Bang, problem solved.
LDAP servers make a great keyserver for this sort of application
John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys at gingerbear.net?subject=HELP
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 679 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-devel