On Tue, Feb 19, 2008 at 1:23 PM, David Picón Álvarez <[EMAIL PROTECTED]> wrote: > > I know that ADK can be circumvented by a determined attacker, but it > > strikes me as a useful feature, and I have never quite understood the > > opposition to it. It would have made encryption more palatable in > > corporate settings, which surely would have been a good thing! > > IMO there are two possibilities: 1) your users are forgetful but honest, 2) > your users are dishonest. > > For case 1, an equivalent of ADK can be obtained with a line on GPG's > configuration file. > > For case 2, you are screwed, and ADK is only going to give you a false sense > of security. > > Thus ADK is either pointless or unnecessary.
This just simply isn't true. Putting a line in a config file may be fine for internal mail, but does nothing to help you to be able to decrypt mail sent from outside your organisation. It also locks everyone into using gpg - I thought the whole point of gpg / opengpg was to be inter-operative. Secondly, there might be any number of reasons why a user might not be able to give you access to a key. He might be incompetent, he might be unexpectedly ill or worse. And so on, and so forth. But my real point is this: gpg in most areas says "This is a tool. Your threat models will vary, and we give you a tool which you can deploy". But in the area of ADK, even when for years people have said on this list and elsewhere, "ADK would help with the threat/organizational model we have", GPG refuses to help. "alter your config file" solves (at best) half of the problem. There may be very good technical reasons why ADKs are a bad idea, but I've never seen them explained. There was, I know, an attack on PGP which relied upon them a while ago, but IIRC that bug was easily fixed. Best wishes, N _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
