"Are You Now or Have You Ever Been..."
Andrew Gallagher
andrewg at andrewg.com
Wed Feb 2 11:52:23 CET 2022
On 31/01/2022 22:29, jonkomer wrote:
> Confirming it, possibly many years after it has been dissolved.
> Future is the key-word here.
>
> In that context, then-current response of a key-server query on
> "<john.doe at example.org>" could be much more deleterious to John
> than the evidence given to the tribunal by Jane Doe that she
> exchanged e-mails with john.doe at example.org way back in 2022.
If this is your concern, then email probably isn't the appropriate tool
for your use case. The mere existence of a particular email address is
not a secret; by design email does not (cannot!) protect envelope
information.
If the members of example.com need to keep their membership secret, then
at the very minimum example.com should give them random usernames. But
you should also consider whether a plausible-deniability system like OTR
is a better fit for your opsec, and even then plausible deniability is
only really useful against adversaries who believe in due process...
--
Andrew Gallagher
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220202/b43dc0f5/attachment.sig>
More information about the Gnupg-users
mailing list