Jacob Bachmeyer via Gnupg-users <[email protected]> wrote:

> ADKs seem particularly valuable to me as a solution to the "group inbox"
> problem that avoids actually sharing private key material: simply
> attach encryption subkeys for all recipients to the "group inbox"
> certificate. This requires publishing new certificates when the
> recipient list changes and discloses the recipient list to some extent, but
> that is the trade-off for end-to-end security in this context. Could a
> "--notify-ADK-encrypt" option that could be placed in the configuration file
> be appropriate to address user concerns about possible improper proliferation
> of ADKs? Should a notification that an ADK was used actually be default?
> After all, there are legitimate uses for ADKs, but an ADK turning up where
> not expected could be a strong hint that you have a bogus certificate.

That would be really useful for [email protected]. I'm unclear if this is a new feature (I think so), and if so, what happens if the sender hasn't upgraded yet?

> I would also note that, for a work email system in an environment where there
> is a legal or quasi-legal requirement (not uncommon in finance) to archive
> messages, simply dropping any incoming message not decryptable with the
> archive ADK as spam would be reasonable. Since the primary concern
> motivating message archival in this example is deterring insider trading,
> simply not allowing unreadable messages to be delivered accomplishes the same
> objective.

Yes, reasonable. OTOH, the emails investigating the insider trading by the HR people might need to avoid the ADK.
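One way to build the "notify when an ADK was used" check discussed above, as an added example that is not from this thread or from GnuPG itself: it parses the output of `gpg --list-packets` for an incoming message and flags any recipient key ID outside the set the receiving side expects. The sample listing and all key IDs are constructed, and `audit_recipients` / `list_packets` are hypothetical helper names.

```python
import re
import subprocess

# Constructed sample of what `gpg --list-packets` prints for a message
# encrypted to two public keys; the key IDs are made up for illustration.
SAMPLE_LISTING = """\
# off=0 ctb=85 tag=1 hlen=3 plen=268
:pubkey enc packet: version 3, algo 1, keyid 0123456789ABCDEF
\tdata: [2047 bits]
# off=271 ctb=85 tag=1 hlen=3 plen=268
:pubkey enc packet: version 3, algo 1, keyid FEDCBA9876543210
\tdata: [2046 bits]
# off=542 ctb=d2 tag=18 hlen=2 plen=87 new-ctb
:encrypted data packet:
\tlength: 87
\tmdc_method: 2
"""

# One PKESK (public-key encrypted session key) packet per recipient.
PKESK_RE = re.compile(r"^:pubkey enc packet: .*?keyid ([0-9A-Fa-f]{16})", re.M)
# gpg writes an all-zero key ID for hidden recipients (--throw-keyids);
# those cannot be checked against any list and are reported separately.
ANONYMOUS = "0000000000000000"


def list_packets(message_path: str) -> str:
    """Run gpg --list-packets on a stored message (hypothetical helper)."""
    proc = subprocess.run(["gpg", "--batch", "--list-packets", message_path],
                          capture_output=True, text=True, check=False)
    return proc.stdout


def recipient_keyids(listing: str) -> list[str]:
    """Return the recipient key IDs, upper-cased, in packet order."""
    return [k.upper() for k in PKESK_RE.findall(listing)]


def audit_recipients(listing: str, expected: list[str]) -> dict:
    """Split recipients into expected, unexpected and hidden.

    `expected` holds the long key IDs of the recipient's own subkeys plus
    any ADK it has knowingly published; anything else is worth a notice.
    """
    allowed = {k.upper() for k in expected}
    seen = recipient_keyids(listing)
    return {
        "expected": sorted(k for k in seen if k in allowed),
        "unexpected": sorted({k for k in seen if k not in allowed and k != ANONYMOUS}),
        "hidden": seen.count(ANONYMOUS),
    }
```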
_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
