On 02/28/2011 06:38 PM, David Shaw wrote:
> I think the problem here is the large size of the deployed infrastructure
> that expects user IDs to have email addresses in them combined with the
> relatively few people who are asking for this feature. To make this change,
> you'd have to have a keyserver that could search in that manner, plus client
> support to make the hashes when talking to the keyserver, etc. You'd have to
> handle the very-small-but-non-zero chance of a hash collision in the user ID,
> too.

the folks in the monkeysphere project have put some thought and work into trying to specify how this sort of thing should be approached. however, i'm not convinced that hashed user IDs save much against even a moderately dedicated attacker, for the same reason that dan bernstein rightly points out the failure of NSEC3 to avoid zone enumeration:

http://dnscurve.org/nsec3walker.html

--dkg
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users