On 03/23/16 07:13, Jérémy Bobbio wrote: > Refreshing a full keyring has the downside that it exposes the entire > keyring at once to the keyserver. I know GnuPG doesn't try very hard to > hide metadata, but this one expose the social graph in a quite > identifying manner as it's unlikely that two users will have the same > keys in their keyring. > > These are the concerns that lead to the design of Parcimonie: > https://sources.debian.net/src/parcimonie/0.9-3/design.mdwn/ > > Could Enigmail reuses some of these ideas? Or warn users that it might > be a problem? Or at the very least this could be disabled when TorBirdy > is installed.
With no disrespect intended, does anyone here actually believe that a hostile agency which has the ability to snoop your http traffic, and is actively monitoring either you or the keyserver network in general, is not going to be able to correlate Parcimonie's staggered/scattered update requests back to you? Consider in your reply that it is already known that the Tor network has been, according to relevant three-letter agencies, fully penetrated. -- Phil Stracchino Babylon Communications [email protected] [email protected] Landline: 603.293.8485
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
