[messaging] confidentiality trumps authenticity was: OpenPGP Trust is broken Was: On Signed-Only Mails

holger krekel holger at merlinux.eu
Thu Dec 8 10:20:09 PST 2016


On Thu, Dec 08, 2016 at 10:47 -0500, Phillip Hallam-Baker wrote:
> The authorities don't usually care about the content of communications. If
> Alice is a dissident and they know she has talked to Bob then it's twenty
> years in the gulag for Bob regardless of what the messages say.

If it's all about metadata why do so many "authorities" criminalize
or try hard to prevent end-to-end encryption?

> [...]
> But availability is still king and integrity is still queen. What those
> people are risking their lives to do is to get the information out. That
> is an availability concern.

I consider getting information out to public circles orthogonal 
to enabling encrypted group or 1:1 communications.

> [...]
> RFC7435 is talking about preventing mass surveillance. And that is a
> confidentiality problem. OpenPGP is not designed to prevent mass
> surveillance, and there are few tools less suited to that task than
> OpenPGP and S/MIME. Other than sending an email to the NSA saying 'look at
> me', I can't think of anything more likely to label you as a risk than
> sending encrypted messages in an unencrypted transport.

Being the odd one who encrypts makes you stick out, sure. Which is why
I think mail encryption needs to become more widespread.

holger


