On 26/11/16 01:17, Carola Grunwald wrote: > > WME encoding, remailing and nym handling are done completely at the > proxy. You can use any, even the most primitive PGP-unaware MUA to send > and receive standard mail and Usenet messages, crypto and anonymization > capabilities are provided by the proxy.
I understand how this would be useful for people with limited clients, but is it really worth it to worry about disclosing metadata at the server when you're leaking plaintext at the client? I was assuming that the end user would have a PGP-capable client. In the case where the end user does not have PGP, would it not be safer to use webmail over TLS? At least you won't leak plaintext... > By signing all WME messages of all your nym accounts with an identical > key, your imaginary proxy server key, you disclose that all of them > originate from the same server. Doesn't the return path leak this info anyway? Unless you're talking about one-shot messages with no return path, in which case why sign at all? A
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
