Keyserver spam example

MFPA expires2010 at
Fri Jun 11 18:10:54 CEST 2010

Hash: SHA512


On Thursday 10 June 2010 at 4:39:46 PM, in
<mid:201006101739.46469.mailinglisten at>, Hauke Laging

> But that is the wrong argument. The correct argument is
> about the key server share of spam in a world in which
> nearly everyone has a public key. Of course, in that
> world signatures may be used to prevent spam. So the
> problem is mainly the mean time.

Another solution would be hashing the email address in a key's
user-id, so that somebody knowing the address could find the key on
the server, but the keyserver didn't publicly list the address. I just
noticed you advocate this further on in your message (-;

> If you have an email address then you get spam. That is
> a reliable rule. But people cannot decide not to have
> an email address, that is virtually  impossible.

They could always use disposable email addresses, or use a different
address for communication with each contact.

> But
> people CAN decide not to have a public key (on key
> servers).

They can also choose to publish a key but not to include their email
address in any of the user-ids. This makes the key pretty much
impossible to find without the key-id. Unfortunately it also confuses
some email clients, and has web-of-trust implications (because many
people are unwilling to sign a key that shows no email address).

- --
Best regards

MFPA                    mailto:expires2010 at

Experience is the name everyone gives to their mistakes


More information about the Gnupg-users mailing list