On Feb 26, 2010, at 12:04 PM, Robert J. Hansen wrote:

>> In some cases, the authorities knowing an individual used encryption
>> could be a problem.
> 
> Why?  Because they have a key on the keyservers?  If this is what you're
> worried about, rest easy: there are so many easier ways to learn whether
> someone uses encrypted email that I can't imagine competent
> law-enforcement searching the keyservers.
> 
> For instance, in the United States the authorities can get your email
> headers without a warrant.  That means to, from, subject, routing
> information, and all the kluges.  Check the kluges on this email and I'm
> pretty sure you'll see kluges related to Enigmail.  Presto, at that
> point people know I'm using a crypto-aware MTA.

Do you really mean to suggest that a US authority getting email headers - even 
without a warrant - is easier than typing a name into a search box on a 
keyserver?  No question that the authority *can* get such headers, but I 
question the "easier".  Have you read the various (leaked) guides the ISPs have 
for delivery of such materials?  They are fascinating, but in no way speedy.  
I'd expect a truly competent law-enforcement agent would get both - order the 
requested material from the ISP, and while he's waiting for delivery, take the 
20 seconds to search a keyserver.  (Of course, all this assumes that we're 
presuming guilt-by-encryption, or at least suspicion-by-encryption, which I 
don't really buy in any event).

In any event, Rob, could you do me a huge favor and clarify what statement you 
are trying to make here?  Jumping into a mail thread late is always fraught 
with misunderstanding, but, I've re-skimmed the thread, and I'm honestly still 
not sure what you're trying to say.

It seems (and I could be utterly wrong), that MFPA is saying "Not everyone 
wants their key on the keyservers, so please don't automatically send other 
people's keys there.  If the key owner wants the key on the keyservers, he'll 
send it himself."  You seem to be saying "This is not based on good logic as I 
see it, and therefore....  (something)."   What's the "(something)"?  That you 
reserve the right to send other people's keys to the keyserver?  That it's 
foolish to request that other people don't send them?  Something else?  Or 
perhaps I mischaracterize both your and MFPA's positions.

What am I missing here?

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to