hashed user IDs [was: Re: Security of the gpg private keyring?]

Ben McGinnes ben at adversary.org
Thu Mar 10 03:35:33 CET 2011


On 10/03/11 12:39 AM, Robert J. Hansen wrote:
> 
> 4.  My suspicion is the number of users covered by (2) is pretty
> small.

Very probably, at least at the moment (for the reasons Hauke
mentioned).

> My suspicion is the number of users impacted by (3) is pretty large.

Almost certainly.

> My suspicion is we do not have a very good handle on just how
> difficult we need to make things, given the resources available to
> spammers in (1a).

I don't really think the spamming scenario is of great concern.
Spammers get email addresses from plenty of other methods and there
are better ways to stop spam than preventing your email address from
being posted somewhere, including a keyserver.


Regards,
Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110310/ab5fcf37/attachment.pgp>


More information about the Gnupg-users mailing list