On Fri, Jul 06, 2018 at 10:54:20PM +0200, Wiktor Kwapisiewicz wrote: > >Your other points are all reasonable, and like I said, my opposition > >to the feature isn't strong--but you didn't change my mind either. :) > > Yes, I can see that, but it's hard to change your opinion that > e-mail privacy is a lost cause in just a couple of e-mails.
I've thought extensively about it, and (I hope it's clear that) I'm fairly well versed on the topic, so I think it's extraordinarily unlikely you could change my opinion with any number of e-mails... ;-) But I suppose anything is possible. > Mind me asking why do you put your key ID in e-mails if you're > opposed to encrypted communication? Well... It's been there for decades. Quite literally. I was once an avid user of encryption. But it's also there for digital signatures, and so that if people really, really want to e-mail me directly, rather than respond to me on some list I'm posting on, there's a way that can be possible... if they're a little bit clever. > >It's actually worse, because it leaks whom you are actually sending > >messages to, rather than from whom you're receiving them... > > If you're sending e-mail to u...@example.com and do a WKD query it > would reveal that only to example.com. But you're sending the e-mail > there so that user (or their server admins) would already know that > after you send that e-mail. False. It would also potentially reveal that to anyone who was operating any part of the network in between your endpoint and the example.com endpoint, as well as anyone who was able to subvert some aspect of the example.com domain (its DNS, the webserver, etc.) by MITM attack or similar. Or... other things. That's a big part of the danger here... You could retrieve a key that you think is for someone you know, when the request has actually been intercepted by, say, someone operating part of AT&T's backbone, and served a key of the attacker's making. *I* would not fall into such a trap, because I will not rely on the privacy of encryption to such a key until I have personally verified it, and it seems as though you would not fall into it either, based on at least web of trust... But I'm extremely confident that a percentage of users would be fooled by such an attack, and may in the process give away the keys to the store, so to speak. However the mere revelation of who is receiving my messages can be just as dangerous, depending on the type of correspondence I'm having. For example, if I were a political refugee trying to secure my safe passage to a different locale with a more friendly regieme, the unexpected automatic key retrieval, intercepted by the people I were running from, could be enough for them to find me and kill me. This is an extreme example, but this is one of the things which might genuinely justify the use of encryption. But, in fact I am not--I'm just an average guy where I'm from. Frankly I never say anything in e-mail that I would not say loudly in a crowd of strangers, so... encrypting my mail is really pointless. :) For truly sensitive communications, I will find a different way, as suited to the specific circumstances. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience.
pgp90wZxouUmp.pgp
Description: PGP signature