Why hashed User IDs is not the solution to User ID enumeration

Jerome Baum jerome at jeromebaum.com
Sat Jan 28 08:01:32 CET 2012


On 2012-01-28 07:57, Doug Barton wrote:
> On 01/27/2012 21:48, Jerome Baum wrote:
>> On 2012-01-28 06:14, Robert J. Hansen wrote:
> This is the second (third?) time this has come up in the recent past.
> Maybe instead of talking more about it those who are interested in
> having this functionality should go create it? Then the community would
> have something concrete to discuss.
> 
> If it really is as simple as you describe, I can't see any reason why
> people wouldn't want to deploy it. :)

I'm not interested in having this functionality. I'm just interested in
the problem (and only from a theoretical perspective).

Personally I don't think it makes sense to support no-modify on
keyservers -- if I want to publish a signature I create, I can, and the
owner of the key can not stop me.


-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
--
nameserver 217.79.186.148
nameserver 178.63.26.172
http://opennicproject.org/
--
No situation is so dire that panic cannot make it worse.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 878 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20120128/a7edd16f/attachment.pgp>


More information about the Gnupg-users mailing list