Web Key Discovery
Bernhard Reiter
bernhard at intevation.de
Fri Apr 6 10:08:57 CEST 2018
On Tuesday 03 April 2018 13:02:17, Sam Bull wrote:
> Why can't the web key discovery take the same approach?
Because we want to defend to some extent against an email provider
manipulating the pubkeys it hands out for their users. Otherwise we are less
end-to-end. Therefore we essentially assume that one email address is one
identity.
In your case you want to control all emails to one email domain, but have
them pose as different identities. So to me it's fine that WKD makes this a
bit harder. (I don't know well enough, which problem you are trying to solve
with this.)
My suggestion is: As you are the only user on the server and completely
controlling it: Add a new identity each time you create a new email alias
automatically on a server. If you want more security use a hardware token.
Note that someone who gets to control your server could just create new
email aliases and a completely new keypair they control and divert emails
sent to you, so you cannot defend against all of these attacks anyway.
Best,
Bernhard
--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner