Sorry, forgot to CC the mailinglist on this one.
---------- Forwarded message ---------- From: Tankred Hase <[email protected]> Date: 2015-02-10 10:04 GMT+01:00 Subject: Re: [messaging] TOFU to ease PGP key discovery To: Daniel Kahn Gillmor <[email protected]> Hi Daniel, > Also: have you considered the additional privacy concerns that might > arise when sending mail to someone without a key? That's the part > that's often gotten me tripped up on this kind of approach. If Alice is > sending mail to Bob through such a system, and Bob doesn't have a key > yet, then every e-mail Alice sends is likely to send a query to the > keyserver (or your proxy) announcing "i'm looking to send a message to > Bob!" > > This metadata leakage seems like a not-great situation for a > privacy-preserving tool. How do you intend to mitigate it? That's a valid point. We can't really mitigate it since we need the plaintext recipient address to proxy public key lookups to HKP in our keyserver. But we don't advertise meta-data security or anonymity for Whiteout anyway. Having said that, we don't log any queries to our keyserver, which is something we need to be more clear about in our privacy policy. Tankred -- Whiteout Networks GmbH c/o Werk1 Grafinger Str. 6 D-81671 München Geschäftsführer: Oliver Gajek RG München HRB 204479 _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
