Why hashed User IDs is not the solution to User ID enumeration (was: Re: Creating a key bearing no user ID)
MFPA
expires2012 at rocketmail.com
Sun Jan 29 18:01:34 CET 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi
On Saturday 28 January 2012 at 6:21:25 AM, in
<mid:F4FA1857-0E07-407C-B80A-EB74E4FE8368 at jabberwocky.com>, David Shaw
wrote:
> It does not support it. With keyserver.pgp.com, it's
> sort of as if no-modify is always on, but in a limited
> sense: the keyserver will only allow new user IDs or a
> new key from the key owner (though enforced via "who
> can read email at your address", rather than
> cryptographically), but it allows anyone whose key is
> on keyserver.pgp.com to sign a key and send the update
> to the keyserver. So you can always sign someone
> else's key if you desire.
Does the key you are adding your signature to have to already be on
keyserver.pgp.com?
- --
Best regards
MFPA mailto:expires2012 at rocketmail.com
My mind works like lightning... one brilliant flash and it's gone
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTyV7c6ipC46tDG5pAQqRsQP+KXxe9/EQ0tHDwmRMIdNNF/9zrM3/vtIa
Wq/e6VYiXIMoNFfmI+VCr4Gs6f/I5Yi4UYStk9S+TQRxAvK32EzebVVP1gw+MqrV
JFFPV5p/cbOdOP+/bNJPuWO9uck07fILpAZhoJ8FNESUVUn2AV3tLAnCTKOoDra6
igVOGjXCwQQ=
=TS/Z
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list