-----BEGIN PGP SIGNED MESSAGE-----
I think he meant: is it realy nessessay that the keyserver
present that much id's matching (including all signing id's), or
...
Additionaly I would add: Is it realy nessessary to allow
three-letter search-patterns? If I search for a key, I should
Agreed. It is hardly necessary that any keyserver provide a "verbose"
lookup; some keyservers don't, and some only provide limited
information. Many keyservers only match on full "words", not
arbitrary substrings. Many limit the number of hits returned in
one query. These are all fine restrictions.
That said, it wouldn't be hard for a determined harvester to
get most of the meaningful addresses out of a keyserver.
All the names within a (less-than-huge) domain can be
retrieved by querying on that name.
Yes, I suppose you could require complete, exact matches for
the material within angle-brackets. I wouldn't find such
a keyserver very useful.
If I really wanted to harvest the keyserver contents, I wouldn't use
the query interface at all. A couple of keyserver operators make
snapshots of their keyrings available for synchronization. Even if
they weren't, I could pose as a keyserver operator and ask for someone
to give me a snapshot to get started. Or, I could use the e-mail
interface that many provide to get recent updates.
Whatever your solution, you'd have to convince all of the synchronized
keyserver operators out there to adopt it if you want to protect the
existing "public" keyring. To do that, I expect you'd have to
demonstrate a greater threat. As Len pointed out, it doesn't look
like one has materialized yet.
But if anyone wants to build a "safe" keyserver that doesn't
synchronize (outbound) to the "unsafe" servers, they're welcome to
do it.
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
iQEVAwUBO4FCHmNDnIII+QUHAQHjgwf6Ap14fpaTA36kcbd00SNX6cuEo21+vGJM
9wXKn7qt7tq7rhdZOP9EZYpB+3ce6BcoQmJv7kspJhIF+z9ym6NeF4GHl8JqLPEQ
0bJf8PyaU2bU/WtRmvzMVH+dBaf2DPAioW6fPDPLRREx3hgvxiPz2LV5wMJeKUz8
fMAhn52yfzc1Y33wgiX1TDEDNfDOWQD8893cKmvck1sYMCFd0BuLdgM8+XWLqhCE
g2p/kbtKqUK9ZQmKVXpWYssJEME/dJCaphCYWXE0rwhuBwxpPLKAnL8XLIwelx/Q
85JMvVFmNxqtViLj4wzK0PbBPdmDVUila0T6cK2xdM5w7ICj7cMDqA==
=dnnq
-----END PGP SIGNATURE-----