Encryption on Mailing lists sensless?
nan at goodcrypto.com
Tue Nov 18 10:43:54 CET 2014
> Given that I've seen PGP-signed spam mails, no, I think you're being naive.
You use the same antispam/antivirus you use now. What people do today is a little complex, so I understand why it's not clear:
your mail server -> your crypto server (decrypts) -> your mail server (antispam etc) -> user (tls)
> If you're running the mailserver and you can decrypt my secured messages, then there's
> nothing preventing the federal government from serving you with a subpoena saying,
> "please hand over the encryption keys."
I agree. A third party should never handle the filtering of mail. If my email is nan at mygroup.org, then mygroup.org handles the encryption, decryption, spam filtering, etc.
> The only person who can be trusted to do the decryption is the end user,
> running on hardware the end user directly controls.
In an ideal world, yes. But after 20 years of recommending user-to-user encryption, it's clear most users can't or won't. As Bruce Schneier says, "If there's anything PGP has taught us, it's that one click is one click too many." Experts can still encrypt any messages they want individually. We can't leave the rest of us unprotected.
> I care very little about what happens to corporations.
I agree again. I'm much more concerned about human rights groups and stopping mass surveillance.
> You're still talking about destroying the antispam experience of end-users.
The group's mail server handles spam, viruses, etc., just like it does today. No change for the user.
GoodCrypto warning: Anyone could have read this message. Use encryption, it works.
More information about the Gnupg-users