Encryption on Mailing lists sensless?

Robert J. Hansen rjh at sixdemonbag.org
Tue Nov 18 16:11:41 CET 2014


> I agree. A third party should never handle the filtering of mail. If
> my email is nan at mygroup.org, then mygroup.org handles the
> encryption, decryption, spam filtering, etc.

A third party -- your mailserver administrator -- should never handle
the decryption or signing.  (There may be a couple of use cases where it
makes sense, but they're few and far between.)  All it takes is a
subpoena, and any citizen can file one of those.

It appears that you're selling a "solution" that involves giving a third
party access to your plaintext, all the while telling people that your
product will keep their communications secure.  I don't see how that can
be called anything other than snake oil.

> I agree again. I'm much more concerned about human rights groups and
> stopping mass surveillance.

So far you've --

* Made false claims that DSA is compromised
* Made false claims that NIST only minimally changed a compromised
   standard
* Advocated giving third-parties regular and routine access to
   plaintext

None of this is compatible with your claim that you're concerned about
human rights groups and stopping mass surveillance.

Please stop hyping snake oil.



More information about the Gnupg-users mailing list