key question

David Shaw dshaw at jabberwocky.com
Sat Feb 27 15:58:53 CET 2010


On Feb 26, 2010, at 12:04 PM, Robert J. Hansen wrote:

>> In some cases, the authorities knowing an individual used encryption
>> could be a problem.
> 
> Why?  Because they have a key on the keyservers?  If this is what you're
> worried about, rest easy: there are so many easier ways to learn whether
> someone uses encrypted email that I can't imagine competent
> law-enforcement searching the keyservers.
> 
> For instance, in the United States the authorities can get your email
> headers without a warrant.  That means to, from, subject, routing
> information, and all the kluges.  Check the kluges on this email and I'm
> pretty sure you'll see kluges related to Enigmail.  Presto, at that
> point people know I'm using a crypto-aware MTA.

Do you really mean to suggest that a US authority getting email headers - even without a warrant - is easier than typing a name into a search box on a keyserver?  No question that the authority *can* get such headers, but I question the "easier".  Have you read the various (leaked) guides the ISPs have for delivery of such materials?  They are fascinating, but in no way speedy.  I'd expect a truly competent law-enforcement agent would get both - order the requested material from the ISP, and while he's waiting for delivery, take the 20 seconds to search a keyserver.  (Of course, all this assumes that we're presuming guilt-by-encryption, or at least suspicion-by-encryption, which I don't really buy in any event).

In any event, Rob, could you do me a huge favor and clarify what statement you are trying to make here?  Jumping into a mail thread late is always fraught with misunderstanding, but I've re-skimmed the thread, and I'm honestly still not sure what you're trying to say.

It seems (and I could be utterly wrong), that MFPA is saying "Not everyone wants their key on the keyservers, so please don't automatically send other people's keys there.  If the key owner wants the key on the keyservers, he'll send it himself."  You seem to be saying "This is not based on good logic as I see it, and therefore....  (something)."   What's the "(something)"?  That you reserve the right to send other people's keys to the keyserver?  That it's foolish to request that other people don't send them?  Something else?  Or perhaps I mischaracterize both your and MFPA's positions.

What am I missing here?

David



