[messaging] confidentiality trumps authenticity was: OpenPGP Trust is broken Was: On Signed-Only Mails

Phillip Hallam-Baker phill at hallambaker.com
Thu Dec 8 11:05:36 PST 2016 

On Thu, Dec 8, 2016 at 1:20 PM, holger krekel <holger at merlinux.eu> wrote:

> On Thu, Dec 08, 2016 at 10:47 -0500, Phillip Hallam-Baker wrote:
> > The authorities don't usually care about the content of communications.
> If
> > Alice is a dissident and they know she has talked to Bob then its twenty
> > years in the gulag for Bob regardless of what the messages say.
>
> If it's all about metadata why do so many "authorities" criminalize
> or try hard to prevent end-to-end encryption?
>

​That gives them a pretext for an arrest.

In the case of Comey, he can't arrest his political opponents but he can
damage their activities.​



> > [...]
> > But availability is still king and integrity is still queen. What those
> > people are risking their lives to do is to get the information ​out. That
> > is an availability concern.
>
> I consider getting information out to public circles orthogonal
> to enabling encrypted group or 1:1 communications.
>

​Getting information out, circulating it is what makes change happen.

Encryption is useful but Availability is King and Integrity is Queen.​



> > [...]
> > RFC7435 is talking about preventing mass surveillance. And that is a
> > confidentiality problem. OpenPGP is not designed to prevent mass
> > surveillance, ​and there are few tools less suited to that task than
> > OpenPGP and S/MIME. Other than sending an email to the NSA saying 'look
> at
> > me', I can't think of anything more likely to label you as a risk than
> > sending encrypted messages in an unencrypted transport.
>
> Being the odd one who encrypts makes you stick out, sure. Which is why
> i think mail encryption needs to become more widespread.


​Yes and that is a fine goal. But security is a property of systems and I
am not going to want your end to end encrypted messages carrying
potentially harmful attachments unless I know who they are from.​
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20161208/b9863cbd/attachment.html>

More information about the Messaging mailing list