Jacob Bachmeyer via Gnupg-users <gnupg-users@gnupg.org> wrote:
> ADKs seem particularly valuable to me as a solution to the "group inbox"
> problem that avoids actually sharing private key material: simply
> attach encryption subkeys for all recipients to the "group inbox"
> certificate. This requires publishing new certificates when the
> recipient list changes and discloses the recipient list to some extent,
but
> that is the trade-off for end-to-end security in this context. Could a
> "--notify-ADK-encrypt" option that could be placed in the configuration
file
> be appropriate to address user concerns about possible improper
proliferation
> of ADKs? Should a notification that an ADK was used actually be default?
> After all, there are legitimate uses for ADKs, but an ADK turning up where
> not expected could be a strong hint that you have a bogus certificate.
That would be really useful for secur...@example.com
I'm unclear if this is a new feature (I think so), and if so what happens if
the sender hasn't upgraded yet?
> I would also note that, for a work email system in an environment where
there
> is a legal or quasi-legal requirement (not uncommon in finance) to archive
> messages, simply dropping any incoming message not decryptable with the
> archive ADK as spam would be reasonable. Since the primary concern
> motivating message archival in this example is deterring insider trading,
> simply not allowing unreadable messages to be delivered accomplishes the
same
> objective.
Yes, reasonable.
OTH, the emails investigating the insider trading by the HR people might need
to avoid the ADK.
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
