Why hashed User IDs is not the solution to User ID enumeration (was: Re: Creating a key bearing no user ID)

David Shaw dshaw at jabberwocky.com
Sat Jan 28 07:21:25 CET 2012


On Jan 27, 2012, at 8:52 PM, John Clizbe wrote:

> Peter Lebbing wrote:
> 
>> And a curious person with a mean streak might sign a key with an obscured e-mail
>> address with a signature saying "this is the key for expires2012 at rocketmail.com"
>> }:-]. Which is verifiable by hashing the e-mail address. And once "keyserver
>> no-modify" is implemented, he'll create a website with a dump of all the
>> unobscured e-mail addresses, just because he can. He's like that once he sees
>> something that's obscured but not really blinded.
> 
> Having keyservers support no-modify requires that they first support crypto.
> That's a really big step.
> 
> To my knowledge, no one is working on such an initiative in SKS or any other
> keyserver.
> 
> I believe LDAP is the only platform that presently can handle no-modify, but
> does keyserver.pgp.com even support it? I don't recall that it does.

It does not support it.  With keyserver.pgp.com, it's sort of as if no-modify is always on, but in a limited sense: the keyserver will only allow new user IDs or a new key from the key owner (though enforced via "who can read email at your address", rather than cryptographically), but it allows anyone whose key is on keyserver.pgp.com to sign a key and send the update to the keyserver.  So you can always sign someone else's key if you desire.

David




More information about the Gnupg-users mailing list