Exposing email addresses on key servers
Joseph Oreste Bruni
jbruni at me.com
Tue Jun 30 05:01:45 CEST 2009
On Jun 28, 2009, at 8:34 PM, Jesse Cheung wrote:
> Since I still feel totally green in this area I am still listening to
> opinions on the list and haven't pushed my key yet :P
>
Hi Jesse,
There is no rule that says you must upload your key to a keyserver. If
you are concerned that others might find your email address, then
simply don't upload your key. If you then want someone to have your
PGP key, you simply exchange it some other way (e.g. email, web page,
memory stick).
Keyservers make it convenient to locate others' keys by searching on
key ID or email addresses.
FWIW, I have had my PGP key in circulating in keyservers since 1997.
Only my yahoo.com address gets buried in spam but that address has
never appeared in my PGP key. Instead, I have used that address for
registering at sites that require email addresses for access to
content, such as New York Times. That address gets hundreds of spams a
day.
-Joe
More information about the Gnupg-users
mailing list