Adding support for fetching GPG key using WKD protocol

Derek Martin invalid at pizzashack.org
Fri Jul 6 22:50:59 UTC 2018


On Fri, Jul 06, 2018 at 10:54:20PM +0200, Wiktor Kwapisiewicz wrote:
> >Your other points are all reasonable, and like I said, my opposition
> >to the feature isn't strong--but you didn't change my mind either. :)
> 
> Yes, I can see that, but it's hard to change your opinion that
> e-mail privacy is a lost cause in just a couple of e-mails.

I've thought extensively about it, and (I hope it's clear that) I'm
fairly well versed on the topic, so I think it's extraordinarily
unlikely you could change my opinion with any number of e-mails... ;-)
But I suppose anything is possible.

> Mind me asking why do you put your key ID in e-mails if you're
> opposed to encrypted communication?

Well... It's been there for decades.  Quite literally.  I was once an
avid user of encryption.  But it's also there for digital signatures,
and so that if people really, really want to e-mail me directly,
rather than respond to me on some list I'm posting on, there's a way
that can be possible... if they're a little bit clever.

> >It's actually worse, because it leaks whom you are actually sending
> >messages to, rather than from whom you're receiving them...
> 
> If you're sending e-mail to user at example.com and do a WKD query it
> would reveal that only to example.com. But you're sending the e-mail
> there so that user (or their server admins) would already know that
> after you send that e-mail.

False.  It would also potentially reveal that to anyone who was
operating any part of the network in between your endpoint and the
example.com endpoint, as well as anyone who was able to subvert some
aspect of the example.com domain (its DNS, the webserver, etc.) by
MITM attack or similar.  Or... other things.

That's a big part of the danger here...  You could retrieve a key that
you think is for someone you know, when the request has actually been
intercepted by, say, someone operating part of AT&T's backbone, and
served a key of the attacker's making.  *I* would not fall into such a
trap, because I will not rely on the privacy of encryption to such a
key until I have personally verified it, and it seems as though you
would not fall into it either, based on at least web of trust...  But
I'm extremely confident that a percentage of users would be fooled by
such an attack, and may in the process give away the keys to the
store, so to speak.

However the mere revelation of who is receiving my messages can be
just as dangerous, depending on the type of correspondence I'm having.
For example, if I were a political refugee trying to secure my safe
passage to a different locale with a more friendly regieme, the
unexpected automatic key retrieval, intercepted by the people I were
running from, could be enough for them to find me and kill me.  This
is an extreme example, but this is one of the things which might
genuinely justify the use of encryption.

But, in fact I am not--I'm just an average guy where I'm from.
Frankly I never say anything in e-mail that I would not say loudly in
a crowd of strangers, so... encrypting my mail is really pointless. :)
For truly sensitive communications, I will find a different way, as
suited to the specific circumstances.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.mutt.org/pipermail/mutt-dev/attachments/20180706/cb86d7e9/attachment.asc>


More information about the Mutt-dev mailing list