On 2018-07-06 17:50:59 -0500, Derek Martin wrote: > On Fri, Jul 06, 2018 at 10:54:20PM +0200, Wiktor Kwapisiewicz wrote: > > If you're sending e-mail to u...@example.com and do a WKD query it > > would reveal that only to example.com. But you're sending the e-mail > > there so that user (or their server admins) would already know that > > after you send that e-mail. > > False. It would also potentially reveal that to anyone who was > operating any part of the network in between your endpoint and the > example.com endpoint, as well as anyone who was able to subvert some > aspect of the example.com domain (its DNS, the webserver, etc.) by > MITM attack or similar. Or... other things.
If you fear about that, and this: > However the mere revelation of who is receiving my messages can be > just as dangerous, depending on the type of correspondence I'm having. then, don't use e-mail, because e-mail will not guarantee the absence of any leak of the recipient address. IMHO, the default settings should be what is best for the average user, in particular users who do not have much knowledge of potential security issues. Perhaps the WKD protocol is better than letting the average user decide what to do to retrieve the key: for instance, retrieving it by plain http (not https) is perhaps the worst thing to do. Users with specific needs should be able to configure their software as they need (not just e-mail, as leaks can come from DNS and so on). -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
