Preserving non-central and privacy with a "permission recording keyserver" (was: Launching a new keyserver on keys.openpgp.org!)

Michał Górny mgorny at gentoo.org
Wed Jul 10 11:05:57 CEST 2019


Dnia July 10, 2019 7:32:29 AM UTC, Bernhard Reiter <bernhard at intevation.de> napisał(a):
>Am Dienstag 09 Juli 2019 14:37:05 schrieb Michał Górny via Gnupg-devel:
>> On Tue, 2019-07-09 at 11:50 +0200, Bernhard Reiter wrote:
>
>> > === Non-email ids
>
>
>> How are you going to detect people on photo IDs?
>
>We also should limit the data on the userid to some byte length, but
>yes, if 
>it gets an automated attack that personal data, like an email address
>gets 
>encoded as png image, we might have to add a png decoder and an OCR at
>some 
>point. The point of this strategy is that we only do it, once this
>attack 
>really comes to place. And additionally, we try to get hold of the
>attacker
>and sue her for interfering with a common infrastructure.

I don't think we're taking about the same thing. I was considering the case where somebody uploads his photo as UID. How are you going to protect against somebody using my face, for example?


--
Best regards, 
Michał Górny



More information about the Gnupg-devel mailing list