Why hashed User IDs is not the solution to User ID enumeration

Doug Barton dougb at dougbarton.us
Sat Jan 28 07:57:13 CET 2012

On 01/27/2012 21:48, Jerome Baum wrote:
> On 2012-01-28 06:14, Robert J. Hansen wrote:
>> It isn't just that no one's written the code: it's there's no community
>> consensus to deploy such code, even if it were written.  It would be a
>> pretty major flag day.  After all, if one keyserver enforces it and
>> others don't, then that's going to create a pretty obvious syncing problem.
> What syncing problem is that? Wouldn't the crypto-supporting keyserver
> simply sync out (provide to other keyservers) it's published packets and
> sync in everything (yet drop packets without a "publish" signature)?
> (So in this scenario I'm assuming the key owner adds e.g. a
> self-signature with a special notation listing the packets that they
> want to be published on the keyserver.)
> Or was this more about "old" keys -- that don't have the special
> self-signature -- dropping out of the network? How about making the
> publish control optional -- if the self-sig doesn't say "I want to
> control my published stuff" then just publish all packets?

This is the second (third?) time this has come up in the recent past.
Maybe instead of talking more about it those who are interested in
having this functionality should go create it? Then the community would
have something concrete to discuss.

If it really is as simple as you describe, I can't see any reason why
people wouldn't want to deploy it. :)



	It's always a long day; 86400 doesn't fit into a short.

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)  http://SupersetSolutions.com/

More information about the Gnupg-users mailing list