[messaging] Google End-to-End plans on using key directories with a CT-like verification protocol

Nathan of Guardian nathan at guardianproject.info
Fri Aug 29 11:38:04 PDT 2014



On 08/29/2014 01:13 PM, Adam Langley wrote:
> On Fri, Aug 29, 2014 at 8:24 AM, Ben Laurie <ben at links.org> wrote:
>> > I am failing to figure out what SPAM problem you think there is -
>> > could you elaborate?
> I believe it's that a log of email address -> key mappings contains a
> lot of email addresses, which could be harvested and spammed.
> Additionally, email addresses are sufficiently predictable that even
> hashing them likely leaves most vulnerable.

SPAM in this case could also include socially engineered mass mailings
with malware attachments, such as what has been seen by the Tibetan
activist community after someone's infected inbox has been harvested.

+n


More information about the Messaging mailing list