[messaging] Google End-to-End plans on using key directories with a CT-like verification protocol

Tom Ritter tom at ritter.vg
Thu Aug 28 20:07:51 PDT 2014

On 28 August 2014 16:29, Mike Hearn <mike at plan99.net> wrote:
>> Sorry I wasn't more clear. I was referring to the fact that the
>> directory would be openly publishing a list of everyone's email
>> addresses.  Even if you hash them, they're pretty trivially invertible.
> Ah right. I don't think that aspect is a big deal. Given that spammers have
> shown an ability to successfully invert tens of millions of user passwords,
> I can't worry too much about them inverting a hash of a public address.
> Hashing is still valuable though. Otherwise you'd get marketing people
> worrying about people publishing lists of obviously phishy accounts and
> embarassing the company, or people managing to locate the personal addresses
> of celebrities by analysing account names etc.

Hashing may be desirable, but it is not without it's problems:

 - Case insensitivity
 - Arbitrary suffix after a metacharacter (gmail's
tom+whatever at gmail.com potentially being the most well known)
 - Arbitrary metacharacters for the suffix (qmail's default is a - I
believe, but you can make it anything)
 - gTLDs in unicode vs punycode


More information about the Messaging mailing list