Why hashed User IDs is not the solution to User ID enumeration (was: Re: Creating a key bearing no user ID)
John Clizbe
JPClizbe at tx.rr.com
Sat Jan 28 02:52:56 CET 2012
Peter Lebbing wrote:
> And a curious person with a mean streak might sign a key with an obscured e-mail
> address with a signature saying "this is the key for expires2012 at rocketmail.com"
> }:-]. Which is verifiable by hashing the e-mail address. And once "keyserver
> no-modify" is implemented, he'll create a website with a dump of all the
> unobscured e-mail addresses, just because he can. He's like that once he sees
> something that's obscured but not really blinded.
Having keyservers support no-modify requires that they first support crypto.
That's a really big step.
To my knowledge, no one is working on such an initiative in SKS or any other
keyserver.
I believe LDAP is the only platform that presently can handle no-modify, but
does keyserver.pgp.com even support it? I don't recall that it does.
--
John P. Clizbe Inet:John ( a ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys at gingerbear.net?subject=HELP
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
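
The point in the quoted text, that a hashed e-mail address is "obscured but not really blinded" because anyone can verify a guess by hashing it, shown as an added example that is not part of the original message. The SHA-256 scheme, the key labels, the addresses and the secret are all constructed assumptions; the thread does not specify a hashing scheme. The keyed variant is included only to show the contrast: a guess cannot be confirmed without a secret the checker does not hold.

```python
import hashlib
import hmac


def norm(addr: str) -> bytes:
    # Assumed normalisation: trim and lowercase before hashing.
    return addr.strip().lower().encode()


def plain_hash(addr: str, salt: bytes = b"") -> str:
    # Assumed obscuring scheme: SHA-256, optionally with a salt stored beside it.
    return hashlib.sha256(salt + norm(addr)).hexdigest()


def keyed_hash(addr: str, secret: bytes) -> str:
    # Keyed variant: HMAC-SHA-256 under a secret third parties do not have.
    return hmac.new(secret, norm(addr), hashlib.sha256).hexdigest()


def confirm_guesses(records, guesses):
    """records: (key_label, public_salt, digest). Returns {key_label: address}
    for every record that a guess reproduces using public data only."""
    found = {}
    for label, salt, digest in records:
        for guess in guesses:
            if hmac.compare_digest(plain_hash(guess, salt), digest):
                found[label] = norm(guess).decode()
                break
    return found


# Constructed sample data (not taken from the thread).
OWNERS = {"KEY-A": "alice@example.org", "KEY-B": "Bob@Example.net"}
GUESSES = ["carol@example.org", "bob@example.net", "alice@example.org"]
SECRET = b"constructed-secret"


def demo():
    unsalted = [(k, b"", plain_hash(a)) for k, a in OWNERS.items()]
    # A salt published with the record does not help: the checker reads it too.
    salted = [(k, k.encode(), plain_hash(a, k.encode())) for k, a in OWNERS.items()]
    keyed = [(k, b"", keyed_hash(a, SECRET)) for k, a in OWNERS.items()]
    return (confirm_guesses(unsalted, GUESSES),
            confirm_guesses(salted, GUESSES),
            confirm_guesses(keyed, GUESSES))


if __name__ == "__main__":
    for name, result in zip(("unsalted", "public salt", "keyed"), demo()):
        print(f"{name:12} -> {result}")
```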