On 31/01/2022 22:29, jonkomer wrote:
Confirming it, possibly many years after it has been dissolved. Future is the key-word here.In that context, then-current response of a key-server query on "<john....@example.org>" could be much more deleterious to John than the evidence given to the tribunal by Jane Doe that she exchanged e-mails with john....@example.org way back in 2022.
If this is your concern, then email probably isn't the appropriate tool for your use case. The mere existence of a particular email address is not a secret; by design email does not (cannot!) protect envelope information.
If the members of example.com need to keep their membership secret, then at the very minimum example.com should give them random usernames. But you should also consider whether a plausible-deniability system like OTR is a better fit for your opsec, and even then plausible deniability is only really useful against adversaries who believe in due process...
-- Andrew Gallagher
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
