[messaging] Google End-to-End plans on using key directories with a CT-like verification protocol
tom at ritter.vg
Thu Aug 28 20:07:51 PDT 2014
On 28 August 2014 16:29, Mike Hearn <mike at plan99.net> wrote:
>> Sorry I wasn't more clear. I was referring to the fact that the
>> directory would be openly publishing a list of everyone's email
>> addresses. Even if you hash them, they're pretty trivially invertible.
> Ah right. I don't think that aspect is a big deal. Given that spammers have
> shown an ability to successfully invert tens of millions of user passwords,
> I can't worry too much about them inverting a hash of a public address.
> Hashing is still valuable though. Otherwise you'd get marketing people
> worrying about people publishing lists of obviously phishy accounts and
> embarrassing the company, or people managing to locate the personal addresses
> of celebrities by analysing account names etc.
Hashing may be desirable, but it is not without its problems:
- Case insensitivity
- Arbitrary suffix after a metacharacter (gmail's tom+whatever at gmail.com potentially being the most well known)
- Arbitrary metacharacters for the suffix (qmail's default is a - I believe, but you can make it anything)
- gTLDs in unicode vs punycode
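
The canonicalization problems listed above, as an added example that is not part of the original post or of End-to-End: it counts how many distinct directory keys several spellings of one mailbox produce, with and without normalization. The SHA-256 keying, the delimiter table, the helper names and the sample addresses are all assumptions constructed for illustration.

```python
import hashlib

# Hypothetical per-domain sub-address delimiters. A real directory would need
# every domain's actual policy, which it generally cannot know.
SUBADDRESS_DELIMITER = {"gmail.com": "+", "qmail.example": "-"}


def naive_key(address: str) -> str:
    """Hash the address exactly as typed."""
    return hashlib.sha256(address.encode("utf-8")).hexdigest()


def canonicalize(address: str) -> str:
    """Fold case, convert the domain to punycode, strip a known sub-address."""
    local, _, domain = address.rpartition("@")
    domain = domain.lower().encode("idna").decode("ascii")
    local = local.lower()  # assumption: the domain ignores case in local parts
    delimiter = SUBADDRESS_DELIMITER.get(domain)
    if delimiter:
        # Keep the original local part if stripping would leave it empty.
        local = local.split(delimiter, 1)[0] or local
    return f"{local}@{domain}"


def canonical_key(address: str) -> str:
    return naive_key(canonicalize(address))


def distinct_keys(addresses, key_fn) -> int:
    """Number of different directory entries the given spellings map to."""
    return len({key_fn(a) for a in addresses})


# Constructed sample spellings of one mailbox.
GMAIL_VARIANTS = ["tom@gmail.com", "Tom@Gmail.COM", "tom+whatever@gmail.com"]
IDN_VARIANTS = ["user@b\u00fccher.example", "user@xn--bcher-kva.example"]
# Same spelling pattern, but the delimiter is only known for one domain.
QMAIL_VARIANTS = ["tom@qmail.example", "tom-lists@qmail.example"]
UNKNOWN_VARIANTS = ["tom@other.example", "tom-lists@other.example"]

if __name__ == "__main__":
    for name, variants in [("gmail", GMAIL_VARIANTS), ("idn", IDN_VARIANTS),
                           ("qmail", QMAIL_VARIANTS), ("unknown", UNKNOWN_VARIANTS)]:
        print(name, "naive:", distinct_keys(variants, naive_key),
              "canonical:", distinct_keys(variants, canonical_key))
```

The last case is the one that cannot be fixed locally: without knowing a domain's delimiter, the directory cannot tell whether two spellings name one mailbox or two.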