On 7/24/24 10:57 PM, Jayesh Badwaik wrote:
Dear Quentin,
I wish you luck for your application. I'm just a Arch user with no background in security and I'm not really qualified to judge the application. So, this is a question rather than anything else. Your username is quite kind of obfuscated. My naive intuition tells me that this is bad security practice because it would be quite expensive and error-prone to verify if a user I've received a mail from is indeed you or someone who's username is slightly different from you. Is my intuition right or wrong? If wrong, why is it wrong?
Thank you.
Hi, This is (one of the reason) why we require GPG signing. The username itself isn't bulletproof, but the GPG signature is ;) -- Regards, Robin Candau / Antiz