Keyservers and Spam
Michael Helm
helm at fionn.es.net
Mon Jun 9 12:34:20 EDT 2003
Jill.Ramonsky at Aculab.com writes:
> My first thought is to generate a new (secure) email address which includes
> the old (insecure) address as a substring (for example
> "PGP.Jill.Ramonsky at Aculab.com"). Will this work? I don't know enough about
> keyservers to know the answer to that one.
I don't know about all pgp key servers, but the one I am familiar with
searches on whatever text you have added to the data packet with your public key,
as well as on signers and other things.
It would be feasible to create a PGP-only (or -mostly) email alias,
make that the sole email address in your key stored in pgp key servers.
On the other hand, on the particular key server I am familiar with,
_all text_ you put in the trusted data can be discovered. Other key servers
may have additional controls.
If you have ever had a key stored in such a key server with many addresses
you do not want discovered, it is very difficult (probably impossible)
to rectify this problem; revocation does not solve it.
I have no idea how important a source of email addresses this
represents; maybe someone has some empirical data on that.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list