Why hashed User IDs is not the solution to User ID enumeration (was: Re: Creating a key bearing no user ID)

John Clizbe JPClizbe at tx.rr.com
Sat Jan 28 02:52:56 CET 2012

Peter Lebbing wrote:

> And a curious person with a mean streak might sign a key with an obscured e-mail
> address with a signature saying "this is the key for expires2012 at rocketmail.com"
> }:-]. Which is verifiable by hashing the e-mail address. And once "keyserver
> no-modify" is implemented, he'll create a website with a dump of all the
> unobscured e-mail addresses, just because he can. He's like that once he sees
> something that's obscured but not really blinded.

Having keyservers support no-modify requires that they first support crypto.
That's a really big step.

To my knowledge, no one is working on such an initiative in SKS or any other

I believe LDAP is the only platform that presently can handle no-modify, but
does keyserver.pgp.com even support it? I don't recall that it does.
John P. Clizbe                      Inet:John ( a ) Enigmail DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

More information about the Gnupg-users mailing list