I don't know how much of a spam problem there is by having keyservers harvested for their e-mail addresses, but if indeed it does become a problem, then maybe at that point, the e-mail addresses should not be listed on the keyserver.
When a person generates a new key, the e-mail required by gnupg for key generation, can be listed as something benign such as n...@my.keys The key will still be identified by the fingerprint, and the e-mail address can be given out by the owner to whomever she/he wants to give it to. Many keys no longer have the original e-mail address as when they were generated, so the question becomes; "If the key is accessible by the fingerprint and key name, and people consider the fingerprint the most trustable identifier of the key, and an attacker cannot forge a key with the same fingerprint, then why is it necessary to have the e-mail address on the keyserver at all? vedaal _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
