hash email addresses / directory privacy enhancement
jwoffpg at gmail.com
Mon Apr 28 18:49:30 CEST 2014
I apologize if this has been discussed before, but wouldn't it make
sense to run email addresses through a one-way hash before uploading
them to a keyserver? It seems trivial for spammers to scrape all
uploaded keys for addresses at this point in time.
For example, I upload key associated with address
john.smith at example.com to an SKS keyserver. Rather than having the key
associated "john.smith at example.com", I think it would make more sense
to associate and be searchable by hash XYZ. Therefore, public keys are
all still accessible and public, but a user would need to have the
knowledge of email address "john.smith at example.com" before using the
key (rather than just "browsing" a dump).
More information about the Gnupg-users