On 10/03/11 11:03 AM, Hauke Laging wrote:
> On Wednesday, 09 March 2011 14:39:35, Robert J. Hansen wrote:
> > As we all know you love anecdotal evidence, here's mine:
> You are probably right but consider two points:
>
> 1) Today there is no use in obeying the (2) rules. If such a feature
> is implemented then those who are interested in using it will
> consider creating new email addresses according to (2). Nonetheless
> the number of interested users may be small (but increasing with
> increasing public attention to privacy problems besides reading mail
> contents).

I'd agree with this. There are enough increases in prying eyes from governments and corporations for more and more people to consider such obfuscation warranted or warranted under some circumstances.

>> My suspicion is the number of users impacted by (3) is pretty large.
>
> I have never done that. I cannot imagine why this should be
> important to anyone. You know which email address you are going to
> write to, don't you? OpenPGP should not prevent new features
> because somebody abuses the infrastructure as a kind of address
> book.

I have. Many, many times. There's no point doing it for a free email service provider's domain (e.g. gmail.com), but sometimes there are advantages in checking for keys belonging to people at particular organisations (e.g. government departments). This is one of the reasons why I'd prefer MFPA's suggestion, were it ever implemented, to be optional rather than the default.

If that feature weren't available, I doubt I would've found this:

pub   1024D/B3F77236 2000-09-21
uid   Stephen Smith <stephen.smith...@aph.gov.au>
sub   2048g/0E0EEE5F 2000-09-21

Stephen Smith was in Opposition when he made that key, but now he's Minister of Defence.

> More important: Not everyone is going to do this. Those people who
> regard it important to protect their addresses and names really
> don't care about convenience (if the alternative is omitting the
> feature).

In the meantime, those who would be more likely to do this end up creating pseudonymous accounts and separate keys for each case they wish to deal with.

> It might make sense to print a warning if a user activates this
> hashing feature for a UID with an email address which is obviously
> not brute force safe.

Good idea.

> And in contrast to Werner I do believe that signatures are going to
> kill the spam problem one day. :-)

Ah, but will that be in our lifetimes?

I don't know how much effect that will really have on spam, but I can see signatures helping to prevent things like this:

https://secure.wikimedia.org/wikipedia/en/wiki/Utegate

Following the revelation that the email at the centre of the scandal had been faked by Godwin Grech, I did email my MP suggesting they start using OpenPGP signatures. Apparently the DSD had cleared OpenPGP compliant software for use by government departments years ago, but it was up to each department to decide whether or not to use them. Presumably Treasury and the Department of the Prime Minister and Cabinet chose not to.

Regards,
Ben
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users