Why hashed User IDs is not the solution to User ID enumeration
Jerome Baum
jerome at jeromebaum.com
Sat Jan 28 06:48:47 CET 2012
On 2012-01-28 06:14, Robert J. Hansen wrote:
> It isn't just that no one's written the code: it's there's no community
> consensus to deploy such code, even if it were written. It would be a
> pretty major flag day. After all, if one keyserver enforces it and
> others don't, then that's going to create a pretty obvious syncing problem.
What syncing problem is that? Wouldn't the crypto-supporting keyserver
simply sync out (provide to other keyservers) it's published packets and
sync in everything (yet drop packets without a "publish" signature)?
(So in this scenario I'm assuming the key owner adds e.g. a
self-signature with a special notation listing the packets that they
want to be published on the keyserver.)
Or was this more about "old" keys -- that don't have the special
self-signature -- dropping out of the network? How about making the
publish control optional -- if the self-sig doesn't say "I want to
control my published stuff" then just publish all packets?
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
nameserver 217.79.186.148
nameserver 178.63.26.172
http://opennicproject.org/
--
No situation is so dire that panic cannot make it worse.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 878 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20120128/55d159e4/attachment-0001.pgp>
More information about the Gnupg-users
mailing list