On Fri, 28 Apr 2023 11:21, Todd Zullinger said:
> It seems neither of these files have not made it to the
> server yet:
Sorry for that. I have used a new build machine and obviously forgot
one of the last steps. Most of the release process is scripted but the
final upload needs to be done
On Fri, 28 Apr 2023 16:57, Johan Wevers said:
> So you finally caved in to the backdoor demands.
In business it is quite common to share subkeys with others. Thus the
ADSK makes it only more explicit and flexible. See the blog entry.
> What I'm missing (maybe I just didn't found it?) is an
On 2023-04-30 13:22, Andrew Gallagher via Gnupg-users wrote:
> Just curious, what’s the threat scenario here?
The HR department of the receiver.
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
___
Gnupg-users
On 2023-04-30 14:10, Werner Koch via Gnupg-users wrote:
> It does not make any sense so have such an option. If a user wants to
> allow colleagues or an archive system to decrypt her mails that is her
> decision.
What I've had in practice in one company: you got a company key with a
personal
On 2023-04-30 1:15, ckeader via Gnupg-users wrote:
> Can't call it that as long as it's under user control (every long option of
> the software has an equivalent config file option. You don't add such a key
> via config or command line, no adsk will happen as it's not configured).
On my key,
On 30 Apr 2023, at 11:30, Johan Wevers via Gnupg-users
wrote:
>
> On 2023-04-30 1:15, ckeader via Gnupg-users wrote:
>
>> Can't call it that as long as it's under user control (every long option of
>> the software has an equivalent config file option. You don't add such a key
>> via config
On 30 Apr 2023, at 13:45, Johan Wevers via Gnupg-users
wrote:
>
> On 2023-04-30 14:10, Werner Koch via Gnupg-users wrote:
>
>> It does not make any sense so have such an option. If a user wants to
>> allow colleagues or an archive system to decrypt her mails that is her
>> decision.
>
>
On Sun, Apr 30, 2023 at 05:41:31PM +0200, Johan Wevers via Gnupg-users wrote:
>
> All I want is an option to ignore adk's - and it should not claim
> anything else than that.
Can't you remove ADK subkeys from your keyring?
signature.asc
Description: PGP signature
On 2023-04-30 14:58, Andrew Gallagher via Gnupg-users wrote:
> E2E encryption can’t protect you from your correspondent disclosing your
> communication at the other end.
That is obvious.
> Whether this is done voluntarily or under duress from their employer is an
> opsec issue, not a comsec
On 2023-04-30 16:54, Andrew Gallagher via Gnupg-users wrote:
>> That might be, but it is nowhere certain that this escrow will happen,
>> especially if they roll out adk's.
>
> You’re inverting the burden of proof here. The important consideration is
> that E2E can’t prove that a key *wasn’t*
On 30 Apr 2023, at 14:42, Johan Wevers via Gnupg-users
wrote:
>
> On 2023-04-30 14:58, Andrew Gallagher via Gnupg-users wrote:
>> Whether this is done voluntarily or under duress from their employer is an
>> opsec issue, not a comsec one.
>
> If it is an ex-employer that might be more
On 2023-04-30 21:01, Ineiev via Gnupg-users wrote:
>> All I want is an option to ignore adk's - and it should not claim
>> anything else than that.
>
> Can't you remove ADK subkeys from your keyring?
On someone else's key?
--
ir. J.C.A. Wevers
PGP/GPG public keys at
There are 2 simple workarounds to employment ADK's :
[ 1 ]. Send a symmetrically encrypted message to the key with the
ADK(This will require an agreed upon symmetric passphrase communicated
in person, phone, or another non-ADK manner)
[ 2 ]. Generate a non-ADK key, not uploaded to any server
Johan Wevers via Gnupg-users wrote:
On 2023-04-30 14:58, Andrew Gallagher via Gnupg-users wrote:
[...]
The danger of an “ignore ADK” option is that it gives a false sense of
security. It is already possible for an employer to require escrow of the
decryption subkeys of their employees -
Michael Richardson wrote:
Jacob Bachmeyer via Gnupg-users wrote:
> ADKs seem particularly valuable to me as a solution to the "group inbox"
> problem that avoids actually sharing private key material: simply
> attach encryption subkeys for all recipients to the "group inbox"
>
Jacob Bachmeyer via Gnupg-users wrote:
> ADKs seem particularly valuable to me as a solution to the "group inbox"
> problem that avoids actually sharing private key material: simply
> attach encryption subkeys for all recipients to the "group inbox"
> certificate. This requires
16 matches
Mail list logo
