email hashes in PGP keys as protection against spam
mailinglisten at hauke-laging.de
Mon Oct 5 23:02:39 CEST 2009
Am Montag 05 Oktober 2009 schrieb Robert J. Hansen:
> Sure, but this just goes to show you that people are awful at estimating
Maybe. But I would not call it science that you imply that harvesting from
key servers will result in about the same amount of spam as pure address
guessing by the spammers would.
> Likewise, anyone
> who keeps their keys off the keyservers because they're afraid of
> getting spam is fantastically missing the point.
Your point maybe. It seems a bit strange to me that you believe to be
capable of calculating everyone's personal spam risk.
> If this is really your aim, then I think this proposal needs to get shot
Because you want to decide for others what risks they have to take and
which not. You may make fun of afraid flight passengers but nonetheless
such assessments should be up to the user.
> The protocol can either address real concerns or else it can make
> people feel better about things without actually doing anything at all.
> The former is engineering; the latter is snake-oil.
There is a clear technical effect and an unclear estimation how completely
different problems might create the problem which shall be guarded against
this way. Snake-oil refers to fooling somebody. I don't do that. I do not
claim that an email address is spam safe just because the key server
problem is solved.
> > A second reason to do this is privacy. There is no reason to allow
> > easy queries the email addresses somebody or an organization uses.
> So run a private keyserver. Bang, problem solved.
You are funny. You are promoting to avoid key servers thus not being
reachable any more for most users as the superior solution to hiding the
critical data in hash values? "people are awful at estimating"? Sometimes.
More information about the Gnupg-devel