-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 10/13/2010 9:36 PM, R P Herrold wrote: > just becaiuse something CAN be done does not mean it should be done, > and here particularly with a fine cache of email addresses intact > for spammers to target (rather than having to pull them one-off)
Two things: 1. Shielding email addresses is just bad strategy. If your anti-spam measure is built on keeping your email address secret, then once your email address gets out (and they all do, eventually!) your plan falls apart. It is wiser to assume the spammers already have your email address and rely on anti-spam measures that are robust even then. Kerckhoff's Principle, paraphrased: "the adversary knows the system." In crypto we build systems and assume the bad guys have perfect knowledge about how the system works, about everything involved in the system except the secret key. Kerckhoff's works well for crypto. It also works well for anti-spam measures: assume the spammer already knows about you. 2. People who upload their certificates to the server have already made a conscious decision to publish their certificates far and wide. They've voluntarily entered their email addresses into a worldwide searchable database where anyone, /anyone/, can get a copy of it. Keeping the keydump away from Google is not going to make life any harder for the spammers. There's already strong evidence suggesting spammers are already harvesting the keydump anyway. > I think you are running around solving a problem that does not > exist, No comment on this. > and [impairing] the privacy of a whole community's members This is nonsense. -----BEGIN PGP SIGNATURE----- iFYEAREIAAYFAky2bIEACgkQI4Br5da5jhA1ogDcDBvf18YA8MI7s6FP177iAdrZ k9cwBWaOfnrwJADeNtlEe7ixQYM/KcoRPh9VhfD3md5JtO1Zdvma/A== =JOLy -----END PGP SIGNATURE-----
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org http://lists.nongnu.org/mailman/listinfo/sks-devel