Adam Shostack writes:
Who cares if you can read messages encrypted to the key or not? Let everyone connect and download whatever messages they want to see. They're encrypted, after all.
Two reasons. One, it cuts down on traffic. Why bother to waste the server's bandwidth on something the client can't read anyway. The only possible reason someone could be asking for the data is because they're trying to compromise the key or do traffic analysis. Why help bad guys? Second, there's no reason the messages need to be encrypted. The server can accept messages addressed to *any* string of eight hex digits, and doesn't care about the content. The server needn't limit the kinds of encryption used in the actual message. It only cares that the recipient is "really" (in some sense) the right reciever. The original mental prompt for the idea came from the discussion of the "key-is-the-person" model. I was trying to devise a scenario where it was possible to know of an entity only through his key, and came up with this. I also included the idea that messages signed by the key would be forwarded by the server after being pseudonymized to the keyid. That way, the user could participate in mailing lists purely identified by the key.