hash email addresses / directory privacy enhancement

vedaal at nym.hush.com vedaal at nym.hush.com
Tue Apr 29 20:18:40 CEST 2014


I don't know how much of a spam problem there is by having keyservers harvested for their e-mail addresses,
but if indeed it does become a problem, then maybe at that point, the e-mail addresses should not be listed on the keyserver.

When a person generates a new key, the e-mail required by gnupg for key generation can be listed as something benign, such as
name at my.keys

The key will still be identified by the fingerprint, and the e-mail address can be given out by the owner to whomever she/he wants to give it to.

Many keys no longer have the original e-mail address as when they were generated, so the question becomes:

"If the key is accessible by the fingerprint and key name, and people consider the fingerprint the most trustable identifier of the key,
and an attacker cannot forge a key with the same fingerprint, then why is it necessary to have the e-mail address on the keyserver at all?"


vedaal



