Corporate use of gnupg

Nicholas Cole nicholas.cole at gmail.com
Tue Feb 19 15:54:07 CET 2008


On Tue, Feb 19, 2008 at 1:23 PM, David Picón Álvarez
<david at miradoiro.com> wrote:
> > I know that ADK can be circumvented by a determined attacker, but it
>  > strikes me as a useful feature, and I have never quite understood the
>  > opposition to it.  It would have made encryption more palatable in
>  > corporate settings, which surely would have been a good thing!
>
>  IMO there are two possibilities: 1) your users are forgetful but honest, 2)
>  your users are dishonest.
>
>  For case 1, an equivalent of ADK can be obtained with a line on GPG's
>  configuration file.
>
>  For case 2, you are screwed, and ADK is only going to give you a false sense
>  of security.
>
>  Thus ADK is either pointless or unnecessary.

This just simply isn't true.

Putting a line in a config file may be fine for internal mail, but
does nothing to help you to be able to decrypt mail sent from outside
your organisation.  It also locks everyone into using gpg - I thought
the whole point of gpg / opengpg was to be inter-operative.

Secondly, there might be any number of reasons why a user might not be
able to give you access to a key.  He might be incompetent, he might
be unexpectedly ill or worse.  And so on, and so forth.

But my real point is this: gpg in most areas says "This is a tool.
Your threat models will vary, and we give you a tool which you can
deploy".  But in the area of ADK, even when for years people have said
on this list and elsewhere, "ADK would help with the
threat/organizational model we have", GPG refuses to help.  "alter
your config file" solves (at best) half of the problem.

There may be very good technical reasons why ADKs are a bad idea, but
I've never seen them explained.  There was, I know, an attack on PGP
which relied upon them a while ago, but IIRC that bug was easily
fixed.

Best wishes,

N



More information about the Gnupg-users mailing list