Adding support for fetching GPG key using WKD protocol
invalid at pizzashack.org
Mon Jul 9 16:41:07 UTC 2018
On Mon, Jul 09, 2018 at 05:05:58PM +0200, Vincent Lefevre wrote:
> On 2018-07-06 17:50:59 -0500, Derek Martin wrote:
> > On Fri, Jul 06, 2018 at 10:54:20PM +0200, Wiktor Kwapisiewicz wrote:
> > > If you're sending e-mail to user at example.com and do a WKD query it
> > > would reveal that only to example.com. But you're sending the e-mail
> > > there so that user (or their server admins) would already know that
> > > after you send that e-mail.
> > False. It would also potentially reveal that to anyone who was
> > operating any part of the network in between your endpoint and the
> > example.com endpoint, as well as anyone who was able to subvert some
> > aspect of the example.com domain (its DNS, the webserver, etc.) by
> > MITM attack or similar. Or... other things.
> If you fear about that, and this:
> > However the mere revelation of who is receiving my messages can be
> > just as dangerous, depending on the type of correspondence I'm having.
> then, don't use e-mail, because e-mail will not guarantee the absence
> of any leak of the recipient address.
Exactly my point. If you really care about keeping private
communications private, do not use e-mail. Working backward from
that, there's no reason to bother with encryption on e-mail.
Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
This message is posted from an invalid address. Replying to it will result in
undeliverable mail due to spam prevention. Sorry for the inconvenience.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
More information about the Mutt-dev