Johan Wevers johanw at
Sun Apr 30 15:41:31 CEST 2023

On 2023-04-30 14:58, Andrew Gallagher via Gnupg-users wrote:

> E2E encryption can’t protect you from your correspondent disclosing your communication at the other end.

That is obvious.

> Whether this is done voluntarily or under duress from their employer is an opsec issue, not a comsec one.

If it is an ex-employer that might be more complicated.

> The danger of an “ignore ADK” option is that it gives a false sense of security. It is already possible for an employer to require escrow of the decryption subkeys of their employees - ADK actually makes this process more transparent.

That might be, but it is nowhere certain that this escrow will happen,
especially if they roll out ADKs. Not providing such an option might be
a case where the perfect is the enemy of the good: it might not be a
perfect solution but it can be better than the alternative.

Besides, this is begging for GnuPG forks to arise, and whether those forks
are well implemented remains to be seen.

ir. J.C.A. Wevers
PGP/GPG public keys at
