Re: Trusting other keys a message was encrypted to

2015-11-07 Thread MFPA 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi


On Saturday 7 November 2015 at 2:01:38 AM, in
,
Kristian Fiskerstrand wrote:


> [Sent from my iPad, as it is not a secured device there
> are no cryptographic keys on this device, meaning this
> message is sent without an OpenPGP signature. In
> general you should *not* rely on any information sent
> over such an unsecure channel, if you find any
> information controversial or un-expected send a
> response and request a signed confirmation]

At least that's better than the usual line from such devices, which
reads more like an advert than a warning. (-;



> I'm not really sure if I understand what this would
> protect against; The sender can send the information in
> multiple emails, even forward it unencrypted without
> you having any control of it.

Yes, anybody who was a party to the communication can share the
information outside of the encrypted messages that were exchanged. We
can't do anything about that, so should not worry about it. We should
only worry about the security of the specific messages that we send or
receive.

For messages we send, in your own words "You should encrypt only to
keys you trust". That is an active measure controlled by the sender.

For messages we receive, we cannot control which keys were included in
the encryption list. But we *could* check to see if any of them gives
us cause for concern. Maybe there is a good reason this check is not
currently done. The fact that information is available and *could* be
used does not mean it necessarily *should* be used.


- --
Best regards

MFPA  

Penguins are not to be trusted, especially those who listen to organ music.
-BEGIN PGP SIGNATURE-

iQF8BAEBCgBmBQJWPdwrXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwsxAH/3YvXP+TFANx/ZNbPef9/u3E
vdr6xP/8t2LKlGtJJAPEzT4SN0fgLJu+fhtVnhgNp+ECQGUFpUST8f4Ph9aHGuyX
oxJ1NnLcRB/mcVscGCbLvTSv9KJgwjfCKR99kZnssV1/Na/iCIaMH1U+9QhvRzDD
u9MwaVxw4iUxWPnU1w/BpAboVZh7n+KJ3v9AwaBgxZxEXoL53z657t4c0b2Ck9tQ
PLQhZP/9906NaEseRG7tE426aejMFEKoUDuzxhITzcRpn1DDZRzld2jJTtN4Edep
NsIRXkeFr86i0fU91eHBWzMXcH9bOwoyaiBqlNrVgizznlPqMvgZEApjtOpfANuI
vgQBFgoAZgUCVj3cMV8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45FSrAP4xmrcp4uNk4TLmDS98EV+5/Hzz
r3EWqBHjCtJpKh95kgD8DuXpTI7Ymavvn87Qw1s4XPoaAVzsu6pr2oHRT8mUCgc=
=XjXp
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Trusting other keys a message was encrypted to

2015-11-07 Thread Daniel Baur 
Hello,
Am 07.11.2015 um 12:10 schrieb MFPA:
> But we *could* check to see if any of them gives
> us cause for concern. 

I don’t really understand what is the earn here.

If I send a encrypted message to you and EvilPerson (together in the
same eMail), you receive the email and gpg would warn you “Heh, you
don’t trust EvilPerson!”: What would improve? The EvilPerson received
already the email, neither you or I could do anything about that.

Sincerely,
DaB.



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Trusting other keys a message was encrypted to

2015-11-07 Thread MFPA 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi


On Saturday 7 November 2015 at 12:30:53 PM, in
, Daniel Baur wrote:


> I don’t really understand what is the earn here.

> If I send a encrypted message to you and EvilPerson
> (together in the same eMail), you receive the email and
> gpg would warn you “Heh, you don’t trust EvilPerson!”:
> What would improve? The EvilPerson received already the
> email, neither you or I could do anything about that.

Having it flagged up to me that "EvilPerson" can also read the message
may cause me to act differently in response to the message contents,
or to act differently in future dealings with the sender.

- --
Best regards

MFPA  

Wise men learn many things from their enemies.
-BEGIN PGP SIGNATURE-

iQF8BAEBCgBmBQJWPjWXXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXw5OcIALwgZcLRl11WG1mwyuzjmW8i
reaIKU13/9jNnak8DE2lYqYiirC8NNYsKfG1s8PJGms703BXnSkjXAw+2Rj9X09C
pkQonXSDXCJ5LwkNEj0ehQKR9rOleIA+ma3tg8JoMeYAn9cYKdXmXpBrXgvZ5Cmz
daxcAi0mumVw+7jnxJdiG9PJQy6l0tBHX7D9KMc043NRO7WdO7BX/JPk+7PBzIT6
nFADysQTMNmgKgITcNU3kwcH64CwnLlig51Z7OZdYzPv07zP71WnU221beywHsp2
LsNg9qriHxFbq0cuYskOQAPhdinb+24jphLtdHklBugUsZD2mrFtd9/a3g/DlQiI
vgQBFgoAZgUCVj41nl8UgAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45AZwAP9IEA1+RlGR3wfdBNFqyZZlB5Y8
ZdNG5YS8V0G40YUtGAD7BuRH1mpSrihVOQBFhBR22DGZS5NaVt8Pws6KqwMyNgA=
=hwsr
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users