email hashes in PGP keys as protection against spam

Hauke Laging mailinglisten at hauke-laging.de
Mon Oct 5 23:02:39 CEST 2009


On Monday 05 October 2009, Robert J. Hansen wrote:

> Sure, but this just goes to show you that people are awful at estimating
> risks.

Maybe. But I would not call it science that you imply that harvesting from 
key servers will result in about the same amount of spam as pure address 
guessing by the spammers would.


> Likewise, anyone
> who keeps their keys off the keyservers because they're afraid of
> getting spam is fantastically missing the point.

Your point maybe. It seems a bit strange to me that you believe yourself to be
capable of calculating everyone's personal spam risk.


> If this is really your aim, then I think this proposal needs to get shot
> down.

Because you want to decide for others what risks they have to take and 
which not. You may make fun of afraid flight passengers but nonetheless 
such assessments should be up to the user.


> The protocol can either address real concerns or else it can make 
> people feel better about things without actually doing anything at all.
>  The former is engineering; the latter is snake-oil.

There is a clear technical effect and an unclear estimation of how completely
different problems might create the problem which shall be guarded against 
this way. Snake-oil refers to fooling somebody. I don't do that. I do not 
claim that an email address is spam safe just because the key server 
problem is solved.


> > A second reason to do this is privacy. There is no reason to allow
> > easy queries the email addresses somebody or an organization uses.
>
> So run a private keyserver.  Bang, problem solved.

You are funny. You are promoting avoiding key servers, thus not being
reachable any more for most users, as the superior solution to hiding the
critical data in hash values? "people are awful at estimating"? Sometimes.


Hauke



More information about the Gnupg-devel mailing list