explain nrsign & lsign?

Randy Burns randy at randyburns.us
Thu Feb 1 18:43:52 CET 2007

--- David Shaw <dshaw at jabberwocky.com> wrote:

> On Mon, Jan 29, 2007 at 05:20:20PM +0100, Werner Koch wrote:
> > On Mon, 29 Jan 2007 16:22, dshaw at jabberwocky.com said:
> > 
> > > etc.  Nowadays, many spammers aren't using their own bandwidth or
> CPU.
> > > So why *not* hit the keyservers?  It costs them essentially nothing.
> > 
> > OTOH, addresses taken from the addressbook as available on the host
> > (== zombie Windows PC) are much more effective than harvesting the web
> > or kyeservers. These local addresses are more certain to actually be
> > used and even better: the recipient of the spam knows the sender.
> Indeed.  It is also possible that the keyservers aren't being targeted
> specifically as keyservers, but rather that people have links to
> keyserver searches out there, and the spammers are just using a
> crawler that happens to follow that link.  Some keyservers don't
> obfuscate their search results.
> David

Something to think about when organizing a keysigning too. Avoid putting a
participant list on a webpage. Just a keyring maybe.


More information about the Gnupg-users mailing list