Why hashed User IDs is not the solution to User ID enumeration (was: Re: Creating a key bearing no user ID)

MFPA expires2012 at rocketmail.com
Sun Jan 29 18:01:34 CET 2012



Hi


On Saturday 28 January 2012 at 6:21:25 AM, in
<mid:F4FA1857-0E07-407C-B80A-EB74E4FE8368 at jabberwocky.com>, David Shaw
wrote:


> It does not support it.  With keyserver.pgp.com, it's
> sort of as if no-modify is always on, but in a limited
> sense: the keyserver will only allow new user IDs or a
> new key from the key owner (though enforced via "who
> can read email at your address", rather than
> cryptographically), but it allows anyone whose key is
> on keyserver.pgp.com to sign a key and send the update
> to the keyserver.  So you can always sign someone
> else's key if you desire.

Does the key you are adding your signature to have to already be on
keyserver.pgp.com?

- --
Best regards

MFPA                    mailto:expires2012 at rocketmail.com

My mind works like lightning... one brilliant flash and it's gone



