"Are You Now or Have You Ever Been..."

Andrew Gallagher andrewg at andrewg.com
Wed Feb 2 11:52:23 CET 2022


On 31/01/2022 22:29, jonkomer wrote:
> Confirming it, possibly many years after it has been dissolved.
> Future is the key-word here.
> 
> In that context, then-current response of a key-server query on
> "<john.doe at example.org>" could be much more deleterious to John
> than the evidence given to the tribunal by Jane Doe that she
> exchanged e-mails with john.doe at example.org way back in 2022.

If this is your concern, then email probably isn't the appropriate tool 
for your use case. The mere existence of a particular email address is 
not a secret; by design email does not (cannot!) protect envelope 
information.

If the members of example.com need to keep their membership secret, then 
at the very minimum example.com should give them random usernames. But 
you should also consider whether a plausible-deniability system like OTR 
is a better fit for your opsec, and even then plausible deniability is 
only really useful against adversaries who believe in due process...

-- 
Andrew Gallagher

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220202/b43dc0f5/attachment.sig>


More information about the Gnupg-users mailing list