Andrew Gallagher andrewg at
Sun Apr 30 14:58:17 CEST 2023

On 30 Apr 2023, at 13:45, Johan Wevers via Gnupg-users <gnupg-users at> wrote:
> On 2023-04-30 14:10, Werner Koch via Gnupg-users wrote:
>> It does not make any sense so have such an option.  If a user wants to
>> allow colleagues or an archive system to decrypt her mails that is her
>> decision.
> What I've had in practice in one company: you got a company key with a
> personal key and an adk added. Nothing to want from my part there. If I
> want to mail someone at such a company I may just want to ignore the adk.

E2E encryption can’t protect you from your correspondent disclosing your communication at the other end. Whether this is done voluntarily or under duress from their employer is an opsec issue, not a comsec one. If you don’t want your correspondent’s employer reading your emails, don’t send messages to their work email address.

The danger of an “ignore ADK” option is that it gives a false sense of security. It is already possible for an employer to require escrow of the decryption subkeys of their employees - ADK actually makes this process more transparent. 


More information about the Gnupg-users mailing list