Tim Libert writes: > thanks all for the many good suggestions! however, in absence of a clear > consensus, I will advise my friend to avoid voice and stick to encrypted > email. my understanding is that the new leadership in china isn’t f#cking > around, so the risk/reward equation here suggests heightened caution - > especially as I cannot make assumptions on technical know-how of parties > involved.
A countervailing point is that encrypted e-mail with the mainstream technologies used for that purpose never provides forward secrecy, while most voice encryption techniques do. So with the use of encrypted e-mail, there is an ongoing risk into the future (assuming that a recipient's private key still exists somewhere), while with the voice encryption, the risk may be time-limited -- assuming that the implementations were correct enough, and that the key exchange was based on a mathematical problem that will remain hard for an attacker. As a simple analogy, sometimes people prefer to have a phone call about sensitive matters because it doesn't "create records", while writing a letters would "make a paper trail". The technical reasons behind the analogy don't transfer at all, but there might still be something to the intuition that the encrypted phone call can be more ephemeral than the encrypted mail. -- Seth Schoen <sch...@eff.org> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
