sks-devel

Re: [Sks-devel] Dump


From: John Clizbe
Subject: Re: [Sks-devel] Dump
Date: Wed, 13 Oct 2010 22:25:41 -0500
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.13pre) Gecko/20100914 Mnenhy/0.8.3 SeaMonkey/2.0.9pre

R P Herrold wrote:
> On Wed, 13 Oct 2010, Christoph Anton Mitterer wrote:
> 
>> I guess it would make sense to put a list of all sites providing regular
>> keydumps on the googlecode website.

Yes, Chris. It would, especially after losing Peter's site. It would also be
great if we could expand the number of sites offering keydumps so Marco's site
doesn't have to bear all of the traffic.

> just because something CAN be done does not mean it should be done, and here
> particularly with a fine cache of email addresses intact for spammers to
> target (rather than having to pull them one-off)

Ahhhhh, the perennial keyserver SPAM canard.

Newsflash, it's been done with keydumps. It's probably still being done.

Do you REALLY think spammers pull addresses one-by-one?

Several years ago, keyserver SPAM was a frequent topic on the Enigmail list,
with lots of paranoia and little fact. Several of us on the Enigmail team
already knew that harvesting was being done, but we wondered to what extent that
was contributing to the overall volume of SPAM received.

The best we could determine at that time, the volume of SPAM that we could
attribute to keyserver harvesting was indistinguishable from that that resulted
as random noise. You'll get MUCH more SPAM as a result of writing a message to
an email list.

One hypothesis for this is that crypto users are low value SPAM targets, i.e.,
if someone is technically savvy enough to be using crypto, he's also savvy
enough to be blocking SPAM upstream from his INBOX.


> I think you are running around solving a problem that does not exist, and
> impairing the privacy of a whole community's members

Actually, it's a problem that does exist. For a long time, the SKS community had
two sites offering keydumps. One had to shut down last month, putting all the
traffic onto a single site.

The biggest hurdle to setting up a keyserver is the initial populating of the
nearly 2.9M keys. It's perfectly reasonable to list sources for where to get the
initial data dump at the same place one gets the software. Granted, not that
many actually get SKS from the GoogleCode site -- most are installing a .deb or
.rpm via a package manager, but a central source for tech help needs to exist
and there's not really a better choice than the project's own pages.

Please explain how making available publicly available information is impairing
privacy. That argument sounds a tad too much like "Security by Obscurity" and
the abysmal success of that approach is widely known.



-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:address@hidden

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"


