Encryption on Mailing lists sensless?

Mark H. Wood mwood at IUPUI.Edu
Tue Nov 18 16:14:29 CET 2014


It's time to expose my ignorance again, hopefully to cure some of it.

On Mon, Nov 17, 2014 at 12:02:07PM -0500, Robert J. Hansen wrote:
> > But sorry, I disagree a little bit. If we want literally to jam the
> > secret service's attempts to decrypt mails, then it makes sense to use
> > encryption for every single mail, private, business, nonsense and spam....
> 
> This would have the ultimate effect of destroying email as a platform. 
> Email works as well as it does -- as well as fails so miserably in other 
> ways -- largely *because* it's open to inspection.
> 
> As an example, pervasive end-to-end encryption would require antispam 
> defenses to move to the client rather than being deployed at the 
> mailserver or relay.  This would essentially be tantamount to giving up, 
> since there are no really effective client-side antispam measures.

Would this not at the same time make it simple for MUAs to discover
that "this message is not from anyone you say you know.  Delete
without reading?"  Because to decrypt the SPAM, you need the public
key, which is identifiable.  Even if the spammers lie, well, it's from
no one you know, or it's verifiably *not* from who the sender claims
to be.

> Similarly, it would assist in the spread of malware and viruses and for 
> the same reasons.  If a mailserver can't inspect the email, it can't 
> recognize malware and quarantine it for the health of the internet.

Again, if it's provably from no one you say that you trust, the MUA
could refuse to execute runnable content without explicit permission.
(Which I say should be the normal and only setting for all content,
but I know I'm a crank.)

I can also say that, so far as I know, the principal effect of
MTA-based antivirus in my life is to prevent me consciously emailing
known innocuous code that I wrote to people who ask for it.  So I for
one wouldn't miss it.  That's selfish of me, of course.

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: </pipermail/attachments/20141118/aa3d260e/attachment-0001.sig>


More information about the Gnupg-users mailing list