On Wednesday 09 March 2011 14:39:35 Robert J. Hansen wrote:

> 2. To really gain benefit from this scheme, you must:
>
>    (a) have a non-trivially-brute-forceable email address
>    (b) want to be able to hide your email address
>
> 3. Deploying this scheme means:
>
>    (a) people can no longer do fuzzy searches for email
>        addresses ("show me all user IDs that look like this
>        pattern")
>    (b) finding people's certificates may be made more
>        difficult due to (a)
>
> 4. My suspicion is the number of users covered by (2) is pretty small.

As we all know you love anecdotal evidence, here's mine:

You are probably right but consider two points:

1) Today there is no use in obeying the (2) rules. If such a feature is implemented then those who are interested in using it will consider creating new email addresses according to (2). Nonetheless the number of interested users may be small (but increasing with increasing public attention to privacy problems besides reading mail contents).

2) gpg offers a lot of features which I guess are used (and even known) by a small share of its users. Nonetheless they got implemented. Obviously the main argument is not the number of users but the quality of the software. There is a whole section "Doing things one usually doesn't want to do." in the man page. I guess it contains more than 80 options.

> My suspicion is the number of users impacted by (3) is pretty large.

I have never done that. I cannot imagine why this should be important to anyone. You know which email address you are going to write to, don't you? OpenPGP should not prevent new features because somebody abuses the infrastructure as a kind of address book.

More important: Not everyone is going to do this. Those people who regard it important to protect their addresses and names really don't care about convenience (if the alternative is omitting the feature).

It might make sense to print a warning if a user activates this hashing feature for a UID with an email address which is obviously not brute force safe.

And in contrast to Werner I do believe that signatures are going to kill the spam problem one day. :-)

Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814