[Enigmail] From Circumvention
rainer.blome at gmx.de
Sat Mar 7 01:02:28 CET 2015
On 06.03.2015 at 21:37, Phil Stracchino wrote:
> On 03/06/15 15:16, David wrote:
>> I am confused by this request. What difference does it make if
>> 'someone else' knows whose public is on your public keyring?
> If they know whose public keys are on your keyring, they know who
> you talk to. You may not wish them to know this. Depending on who
> you are and who you talk to, their knowing it could be very
> dangerous to you.
That is what I mean.
Security is a matter of cost and benefit.
Against an adversary who can monitor all global SMTP traffic,
this would not make a difference, because such an adversary
already knows who everyone is connected to.
But there are not many of these.
Less capable adversaries probably know only a fraction of the
metadata flying around. To these, when such a feature is in effect,
compromising a keyserver or its traffic would be a cost-effective way
to learn many communication relationships.
When you want your communication partners to use a new key
of yours, why wait until they notice or poll a server?
Why not tell them immediately? Seems like a client-side,
key ring management job to me. If a mail client or key store
notices an expired or superseded key, it might offer or at
least suggest to notify the relevant communication partners.