On 2014-11-18 at 10:43, Nan wrote: >> If you're running the mailserver and you can decrypt my secured messages, >> then there's >> nothing preventing the federal government from serving you with a subpoena >> saying, >> "please hand over the encryption keys." > > I agree. A third party should never handle the filtering of mail. If > my email is n...@mygroup.org, then mygroup.org handles the encryption, > decryption, spam filtering, etc.
mygroup.org is a third party. mygroup.org is static. mygroup.org is a different person than nan. mygroup.org can be corrupted, menaced or cracked. nan will not know. >> The only person who can be trusted to do the decryption is the end user, >> running on hardware the end user directly controls. > > In an ideal world, yes. But after 20 years of recommending > user-to-user encryption, it's clear most users can't or won't. Context changes. 20 years ago fascism weren’t raising again at this rate, petrol wasn’t at a decade of ending, and Snowden didn’t made his revelations. It doesn’t mean it’s impossible but it means we were doing it wrong. The GNUnet philosophy of “just prepare the change of roughly everything, make all the simplest possible and do a lot of philosophical/political education” seems the most utopic, but also the more realist to me. > As Bruce Schneier says, "If there's anything PGP has taught us, it's > that one click is one click too many." Experts can still encrypt any > messages they want individually. We can't leave the rest of us > unprotected. Within MUA such as ClawsMail, Thunderbird, etc. you don’t need a click, just a configuration. Within networks such as GNUnet you don’t need a configuration, just a “registration”, “connection”, “installation”, or wathever you call it. Your adress is your public key, on computer it can be the nick associated in a signed entry within DHT possibly with a vizhash, and physically it’s a QRCode. Nothing more simple. It’s actually simpler that the current unencrypted internet. And as it were said, to gain freedom sometimes you need an effort. If you consider it pointless, you deserve to remain a slave. >> I care very little about what happens to corporations. > > I agree again. I'm much more concerned about human rights groups and stopping > mass surveillance. Making authority nice? Teaching people freedom is not utopic, making authority nice and respectful is. >> You're still talking about destroying the antispam experience of end-users. > > The group's mail server handles spam, viruses, etc., just like it does today. > No change for the user. Yes, no. any. change. Unfortunately.
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
