-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 06.03.2015 um 21:37 schrieb Phil Stracchino: > On 03/06/15 15:16, David wrote: >> I am confused by this request. What difference does it make if >> 'someone else' knows whose public is on your public keyring? > > If they know whose public keys are on your keyring, they know who > you talk to. You may not wish them to know this. Depending on who > you are and who you talk to, their knowing it could be very > dangerous to you.
That is what I mean. Security is a matter of cost and benefit. Against an adversary who can monitor all global smtp traffic, this would not make a difference, because such an adversary already knows who everyone is connected to. But there are not many of these. Less capable adversaries probably know only a fraction of the metadata flying around. To these, when such a feature is in effect, compromising a keyserver or its traffic would be a cost-effective way to learn many communication relationships. When you want your communication partners to use a new key of yours, why wait until they notice or poll a server? Why not tell them immediately? Seems like a client-side, key ring management job to me. If a mail client or key store notices an expired or superseded key, it might offer or at least suggest to notify the relevant communication partners. Rainer -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJU+kAUAAoJEI/iM7d3pEsvUTEP/ilY8FfzPF+xDBdBqFRT8U9Y mETqUNHgMgbz9kCUbDUT/jGTgRM+aFw1uK5u0XCFAXkAt/tq8YVzStiarF0DRxJJ FSaoZR3W4ROxp4PpLQCrBtWWFN0s6lQVJ+9dI/f6cunLJHUl4ReODQo3sN94pcPG DJIw2X1kwoMYv2hadX51WN7W1u/9yyDQxLe9MsPADeWPpmlKZIWqs5m4KqyNym2B W9gcNE50z/4y/BqnNcF23jXxsifw7ko7x3iATVaDIoZ54IgghikxSXH46oNt4KVf BKvPEQajM+trAC4HQfX2eX1W96CufHZV+NgGx5mJdgXQAVxk/WFPsku2i8BnjfT8 FCietKBsgNzl4WqdItNu0ZqBRt7+5jt6wBbbMYlkkmcAWiGtlxaQGveTDZBQ1f7h r0EzlVVYHh9yLgwyGeJ4slW9727Bx9RcbpWyw9cK6oqgnCDrpc5e4psovbmfFtXw /bt9TVf0fbl2Q3zBiTRdqebRa6nB2dG4uAm5zjY6qSRrfWMWNEBT7RuNUDVIz6vn 09frYwaVJ0OpDB6al2fidfd9lP9n+i9kan4qTOM1cJFFOG0VU2kTt+3/ggRQkaJj k1jt59t1xHdaNsJGWBFp3oBjUBRyIDxU1+Y7pMbhzICcRZLzox2zu72FJeUrL6Lz Tkawo3PXC5L+9B6yKMEx =5OaT -----END PGP SIGNATURE----- _______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
