explain nrsign & lsign?
Robert J. Hansen
rjh at sixdemonbag.org
Mon Jan 29 07:18:18 CET 2007
-----BEGIN PGP SIGNED MESSAGE-----
> The thing is degree. Yes, keys are likely harvested. But I will
> suggest you'll
> get /much more/ SPAM from sending a message to this list than you
> will from
> publishing an email address on a key and sending it to a keyserver.
While I agree that in general keyserver harvesting is not a huge
problem for the community, we should be wary about thinking it will
not become a huge problem for the community. Prudence suggests we
consider both alternatives.
> Those volumes represent about one or two days worth on a couple
> other accounts.
This may only mean that there's only one spam syndicate who's
harvesting keyservers, whereas the countless numbers of other
spammers haven't caught on yet. This could just as easily mean that
other spammers have considered the option and decided it's a bad idea
for whatever reason, and only one syndicate isn't getting the memo.
Hard to say.
> So, yes - harvesting occurs. But its impact is being portrayed way
> out of
> proportion to its actual effect. I'd have to conclude that the
> benefits of
> having good addresses searchable on the keyservers far outweighs
> the negligible
> volume of SPAM that can be traced to actual harvesting.
The following is anecdotal experience, so it should be taken with a
grain of salt. Still, it's worth considering.
I spent some time without an email address listed on my key to test
out for myself whether it would present a usability issue. Turns out
it didn't; putting OpenPGP kluges in my email headers told my
recipients my key ID, which made it possible for them to grab my key
despite there being no email address associated with it.
Ultimately, I decided that since I was already drowning in spam on
all of my accounts anyway, the added trouble was insignificant, even
if the added benefit was insignificant. I put an email address on my
key and decided I wasn't going to worry about it any more, since I
didn't see it mattered too much either way.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)
-----END PGP SIGNATURE-----
More information about the Gnupg-users