[messaging] confidentiality trumps authenticity was: OpenPGP Trust is broken Was: On Signed-Only Mails
holger at merlinux.eu
Thu Dec 8 10:20:09 PST 2016
On Thu, Dec 08, 2016 at 10:47 -0500, Phillip Hallam-Baker wrote:
> The authorities don't usually care about the content of communications. If
> Alice is a dissident and they know she has talked to Bob then it's twenty
> years in the gulag for Bob regardless of what the messages say.
If it's all about metadata why do so many "authorities" criminalize
or try hard to prevent end-to-end encryption?
> But availability is still king and integrity is still queen. What those
> people are risking their lives to do is to get the information out. That
> is an availability concern.
I consider getting information out to public circles orthogonal
to enabling encrypted group or 1:1 communications.
> RFC7435 is talking about preventing mass surveillance. And that is a
> confidentiality problem. OpenPGP is not designed to prevent mass
> surveillance, and there are few tools less suited to that task than
> OpenPGP and S/MIME. Other than sending an email to the NSA saying 'look at
> me', I can't think of anything more likely to label you as a risk than
> sending encrypted messages in an unencrypted transport.
Being the odd one who encrypts makes you stick out, sure. Which is why
I think mail encryption needs to become more widespread.