-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 04.06.14 18:50, Suspekt wrote: > (...) Too bad, considerung that a refresh of your keys will allow > an attacker to get information about your social network....
Well, you always have to trust the people involved starting from the point where information is available as cleartext. Consider you're using pool.sks-keyservers.net, and even you're using hkps protocol, you have to trust _every_ party running a the keyserver of the pool to not misuse the information disclosed by your requests. That's virtually impossible. Every interested adversary could join the pool using a dummy and harvest a certain amount of requests. Certainly, it would take a long time, but it would get almost full coverage of requests of all key updaters over months and years. In this scenario hkps is not saving you a lot, compared with hkp. The only way out of that would be either a trustworthy friend running a keyserver within or synchronized to the pool or doing that yourself. Only then the encrypted connection of hkps is a really big help. Ludwig -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (Darwin) iQEcBAEBCgAGBQJTj1tRAAoJEA52XAUJWdLj16UIAIIaMAguo54tSNvch7sycrW6 J3Ysr258NQew+VbM2aCpAb84IShGBstGKgpseAf0ao/buXgAd3k5fBHprvfFUwI0 HQWHr6cxuAArfT9ayNAOzvoorVpieZo2S1cBo056hK1Q2zzI6UGSjgUoXumBduZK nBEVR5A3SBDhXqY1CXIhKg2dkCggpYlDxvA1HRBv7dNBiKBrA7C05uoj7TdtIt+G RpnuXahiu7kzM+YsUrTmTaHGb4AQddKcbNT3oJXkKmVDJz8GCsFkvsusO3Inwc5I aX021DmcyjMmBWBogFz8D8iaLakF3svFj7imlje5izVUPkmj0UZmL5JcWhpTHts= =Uq2a -----END PGP SIGNATURE----- _______________________________________________ enigmail-users mailing list [email protected] https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
