Encryption on Mailing lists senseless?

Garreau, Alexandre galex-713 at galex-713.eu
Tue Nov 18 15:27:23 CET 2014


On 2014-11-18 at 10:43, Nan wrote:
>> If you're running the mailserver and you can decrypt my secured messages, then there's 
>> nothing preventing the federal government from serving you with a subpoena saying, 
>> "please hand over the encryption keys."
>
> I agree. A third party should never handle the filtering of mail. If
> my email is nan at mygroup.org, then mygroup.org handles the encryption,
> decryption, spam filtering, etc.

mygroup.org is a third party. mygroup.org is static. mygroup.org is a
different person than nan. mygroup.org can be corrupted, menaced or
cracked. nan will not know.

>> The only person who can be trusted to do the decryption is the end user,
>> running on hardware the end user directly controls.
>
> In an ideal world, yes. But after 20 years of recommending
> user-to-user encryption, it's clear most users can't or won't.

Context changes. 20 years ago fascism wasn’t rising again at this
rate, petrol wasn’t a decade from ending, and Snowden hadn’t made his
revelations. It doesn’t mean it’s impossible but it means we were doing
it wrong. The GNUnet philosophy of “just prepare the change of roughly
everything, make everything as simple as possible and do a lot of
philosophical/political education” seems the most utopic, but also the
most realistic to me.

> As Bruce Schneier says, "If there's anything PGP has taught us, it's
> that one click is one click too many." Experts can still encrypt any
> messages they want individually. We can't leave the rest of us
> unprotected.

Within MUAs such as ClawsMail, Thunderbird, etc. you don’t need a click,
just a configuration. Within networks such as GNUnet you don’t need a
configuration, just a “registration”, “connection”, “installation”, or
whatever you call it. Your address is your public key; on a computer it can
be the nick associated in a signed entry within the DHT, possibly with a
vizhash, and physically it’s a QR code. Nothing could be simpler. It’s
actually simpler than the current unencrypted internet.

And as was said, to gain freedom sometimes you need an effort. If you consider
it pointless, you deserve to remain a slave.

>> I care very little about what happens to corporations. 
>
> I agree again. I'm much more concerned about human rights groups and stopping mass surveillance.

Making authority nice? Teaching people freedom is not utopic, making
authority nice and respectful is.

>> You're still talking about destroying the antispam experience of end-users.
>
> The group's mail server handles spam, viruses, etc., just like it does today. No change for the user.

Yes, no. any. change. Unfortunately.


More information about the Gnupg-users mailing list