-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Saturday 7 November 2015 at 2:01:38 AM, in <mid:6d794d30-c482-4819-9917-e68ee8c0a...@sumptuouscapital.com>, Kristian Fiskerstrand wrote: > [Sent from my iPad, as it is not a secured device there > are no cryptographic keys on this device, meaning this > message is sent without an OpenPGP signature. In > general you should *not* rely on any information sent > over such an unsecure channel, if you find any > information controversial or un-expected send a > response and request a signed confirmation] At least that's better than the usual line from such devices, which reads more like an advert than a warning. (-; > I'm not really sure if I understand what this would > protect against; The sender can send the information in > multiple emails, even forward it unencrypted without > you having any control of it. Yes, anybody who was a party to the communication can share the information outside of the encrypted messages that were exchanged. We can't do anything about that, so should not worry about it. We should only worry about the security of the specific messages that we send or receive. For messages we send, in your own words "You should encrypt only to keys you trust". That is an active measure controlled by the sender. For messages we receive, we cannot control which keys were included in the encryption list. But we *could* check to see if any of them gives us cause for concern. Maybe there is a good reason this check is not currently done. The fact that information is available and *could* be used does not mean it necessarily *should* be used. - -- Best regards MFPA <mailto:2014-667rhzu3dc-lists-gro...@riseup.net> Penguins are not to be trusted, especially those who listen to organ music. -----BEGIN PGP SIGNATURE----- iQF8BAEBCgBmBQJWPdwrXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2 QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwsxAH/3YvXP+TFANx/ZNbPef9/u3E vdr6xP/8t2LKlGtJJAPEzT4SN0fgLJu+fhtVnhgNp+ECQGUFpUST8f4Ph9aHGuyX oxJ1NnLcRB/mcVscGCbLvTSv9KJgwjfCKR99kZnssV1/Na/iCIaMH1U+9QhvRzDD u9MwaVxw4iUxWPnU1w/BpAboVZh7n+KJ3v9AwaBgxZxEXoL53z657t4c0b2Ck9tQ PLQhZP/9906NaEseRG7tE426aejMFEKoUDuzxhITzcRpn1DDZRzld2jJTtN4Edep NsIRXkeFr86i0fU91eHBWzMXcH9bOwoyaiBqlNrVgizznlPqMvgZEApjtOpfANuI vgQBFgoAZgUCVj3cMV8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45FSrAP4xmrcp4uNk4TLmDS98EV+5/Hzz r3EWqBHjCtJpKh95kgD8DuXpTI7Ymavvn87Qw1s4XPoaAVzsu6pr2oHRT8mUCgc= =XjXp -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users