From: "Michael Helm" <helm(_at_)fionn(_dot_)es(_dot_)net>
Could keys and keyservers be configured [optionally] not to
present email-like id's?
Not without almost completely impairing their use. Yes, it
would be easy to turn off name-based lookups, and/or discard or
alter UserId packets. But...
?
I think he meant: is it really necessary that the keyserver
presents that many matching IDs (including all signing IDs), or
wouldn't it be sufficient to only present the hits (where the
addresses of those signing the key are only revealed by
downloading that whole key)?
Additionally I would add: Is it really necessary to allow
three-letter search patterns? If I search for a key, I should
know the full name (or email address) of the owner (else I
couldn't communicate with that person even without signatures).
Only if NO hit is found, a search for similar key-IDs should
be performed and only the nearest should be revealed.
With such a configuration a keyserver could not be abused as an
address database.
--
Dominikus Scherkl
Biodata Application Security AG
mail: Dominikus(_dot_)Scherkl(_at_)Biodata(_dot_)com
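
The lookup policy proposed in this message, as an added Python sketch that is not part of the original post and is not taken from any keyserver implementation. The record layout, the function names and the use of a difflib similarity cutoff to pick the "nearest" entry are assumptions made for illustration.

```python
import difflib
from email.utils import parseaddr

# Constructed sample records (not real keys); field names are assumptions.
KEYRING = [
    {"keyid": "0x11111111", "uid": "Alice Example <alice@example.org>",
     "signers": ["Bob Sample <bob@example.org>",
                 "Carol Test <carol@example.net>"]},
    {"keyid": "0x22222222", "uid": "Bob Sample <bob@example.org>",
     "signers": ["Alice Example <alice@example.org>"]},
]

def _index(keyring):
    """Map each owner's full name and full address (lowercased) to records."""
    index = {}
    for rec in keyring:
        name, addr = parseaddr(rec["uid"])
        for ident in (name, addr):
            if ident:
                index.setdefault(ident.lower(), []).append(rec)
    return index

def _public_view(rec):
    # A search hit shows only the key's own ID and user ID. Signer
    # addresses are revealed only by fetching the whole key.
    return {"keyid": rec["keyid"], "uid": rec["uid"]}

def search(query, keyring=KEYRING, cutoff=0.8):
    """Exact match on full name or address; otherwise at most one near miss."""
    index = _index(keyring)
    q = query.strip().lower()
    if q in index:
        return [_public_view(r) for r in index[q]]
    # No hit: reveal only the single nearest identity, and only if it is
    # close enough to be a typo rather than a short harvesting pattern.
    nearest = difflib.get_close_matches(q, list(index), n=1, cutoff=cutoff)
    if not nearest:
        return []
    return [_public_view(index[nearest[0]][0])]

def fetch_key(keyid, keyring=KEYRING):
    """Download of the whole key, the only place signers are listed."""
    for rec in keyring:
        if rec["keyid"] == keyid:
            return rec
    return None
```
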