You always have to trust someone.
I think it's not about making surveillance impossible but making it
expensive (figuratively and literally).
Daniel
Am 04.06.2014 19:45, schrieb Ludwig Hügelschäfer:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 04.06.14 18:50, Suspekt wrote:
(...) Too bad, considerung that a refresh of your keys will allow
an attacker to get information about your social network....
Well, you always have to trust the people involved starting from the
point where information is available as cleartext.
Consider you're using pool.sks-keyservers.net, and even you're using
hkps protocol, you have to trust _every_ party running a the keyserver
of the pool to not misuse the information disclosed by your requests.
That's virtually impossible. Every interested adversary could join the
pool using a dummy and harvest a certain amount of requests.
Certainly, it would take a long time, but it would get almost full
coverage of requests of all key updaters over months and years.
In this scenario hkps is not saving you a lot, compared with hkp.
The only way out of that would be either a trustworthy friend running
a keyserver within or synchronized to the pool or doing that yourself.
Only then the encrypted connection of hkps is a really big help.
_______________________________________________
enigmail-users mailing list
[email protected]
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
