On 2015-09-20 12:58, Phil Stracchino wrote: > A Privacy red-flag is a little harder to quantify. About the only case > I can think of is if a message is encrypted, but with a key that has > been revoked or does not match the claimed sender. But this should > probably be considered an Authenticity failure.
No, actually you were right the first time. Authentication is based on the integrity of the SENDER'S private key. Encryption is based on the integrity of the RECEIVER'S private key(s). So, if I send a signed, encrypted message one or more recipients, one of whom has a compromised key, the message may well be authentic (which we can verify if the sender's key is trusted), but an attacker may be able to read it. I could certainly imagine this happening if someone sends you a message encrypted using an old public key of yours that you happen to know is compromised, because the sender is not aware that it is compromised / revoked. (In fact, privacy is the only state that can change after the fact. If I send you a message and it is authentic, that is a past event that cannot be changed. If an encryption key is compromised, a message that was previously private may no longer be private.) > Should a message that is encrypted but unsigned be considered an > Authenticity failure - or at least an authenticity warning? Encrypting a message and authenticity (signing) are orthogonal; ergo, whether or not a message is encrypted should not affect reporting of authenticity. -- Matthew _______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
