Why hashed User IDs is not the solution to User ID enumeration (was: Re: Creating a key bearing no user ID)
expires2012 at rocketmail.com
Thu Jan 26 02:02:50 CET 2012
-----BEGIN PGP SIGNED MESSAGE-----
On Tuesday 24 January 2012 at 3:21:35 PM, in
<mid:4F1ECC7F.6060108 at fifthhorseman.net>, Daniel Kahn Gillmor wrote:
> What you're looking to do with this proposed
> hashed-user-id scheme is to find a way to avoid
> allowing people to enumerate e-mail addresses or User
> IDs from the data contained on the keyservers. Right?
That is basically it, yes.
> Certainly, the keyservers will continue to support
> non-digested User IDs, so now tools will need to be
> able to handle both of them; we'll also need a policy
> for end-user agents to answer questions like "when
> looking up this e-mail address, do i send it only in
> digested form to the keyservers for lookup?
That would fail to return keys that had UIDs containing the non-hashed
string, unless the keyservers stored hashes for all plaintext UIDs.
> or do i
> send it in cleartext form as well, thereby leaking the
> e-mail address to the keyserver operators
Or do I send the hash to one keyserver and the plaintext to another,
thereby doubling the number of enquiries.
> (and to anyone on the network path)?
and use SSL to exclude anyone on the network path?
> Ultimately, i don't think the tradeoffs for this scheme
> are worthwhile for the marginal and limited gain that
> the proposal provides.
Definitely limited; I think of it as little more than a
privacy-enhancing defence against casual snooping rather than a
security measure. But is it really so marginal?
> I'd love to find a solution to
> the User ID enumeration problem, but i don't think
> hashed-user-ids is it.
As I see it, you either:-
include the UIDs in non-human-readable form (e.g. hashed) in the key
or you distribute UIDs separately from their key.
or when you download a key the copy you get includes only the UID you
MFPA mailto:expires2012 at rocketmail.com
An idealist is a person who helps other people to be prosperous
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users