Michael Richardson mcr at
Mon May 1 04:53:15 CEST 2023

Jacob Bachmeyer via Gnupg-users <gnupg-users at> wrote:
    > ADKs seem particularly valuable to me as a solution to the "group inbox"
    > problem that avoids actually sharing private key material:  simply
    > attach encryption subkeys for all recipients to the "group inbox"
    > certificate.  This requires publishing new certificates when the
    > recipient list changes and discloses the recipient list to some extent, but
    > that is the trade-off for end-to-end security in this context.  Could a
    > "--notify-ADK-encrypt" option that could be placed in the configuration file
    > be appropriate to address user concerns about possible improper proliferation
    > of ADKs?  Should a notification that an ADK was used actually be default?
    > After all, there are legitimate uses for ADKs, but an ADK turning up where
    > not expected could be a strong hint that you have a bogus certificate.

That would be really useful for security at

I'm unclear if this is a new feature (I think so), and if so what happens if
the sender hasn't upgraded yet?

    > I would also note that, for a work email system in an environment where there
    > is a legal or quasi-legal requirement (not uncommon in finance) to archive
    > messages, simply dropping any incoming message not decryptable with the
    > archive ADK as spam would be reasonable.  Since the primary concern
    > motivating message archival in this example is deterring insider trading,
    > simply not allowing unreadable messages to be delivered accomplishes the same
    > objective.

Yes, reasonable.
OTOH, the emails investigating the insider trading by the HR people might need
to avoid the ADK.
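A gateway-side check for the archive-ADK policy quoted above, added here as an example for this thread (not code from GnuPG or from either poster): it reads only the public-key encrypted session key (PKESK) packet headers of a binary OpenPGP message to list the key IDs it was encrypted to, and accepts the message only if the archive ADK's key ID is among them. The key IDs and sample messages are constructed placeholders; the parser rejects partial-body and indeterminate lengths rather than guessing, and an all-zero (anonymous recipient) key ID can never satisfy the policy.

```python
import struct
# Constructed placeholder key IDs (not real keys); ARCHIVE_ADK_KEYID stands for the
# archive subkey the organisation attaches as an ADK to every certificate.
ARCHIVE_ADK_KEYID = "0123456789ABCDEF"
OTHER_KEYID = "FEDCBA9876543210"

def _pkesk(keyid_hex: str, algo: int = 1) -> bytes:
    """Build a minimal v3 PKESK packet (tag 1) with a dummy MPI, for the samples."""
    body = bytes([3]) + bytes.fromhex(keyid_hex) + bytes([algo, 0x00, 0x08, 0xAB])
    return bytes([0xC1, len(body)]) + body  # new-format header, one-octet length

def packets(data: bytes):
    """Yield (tag, body) for each OpenPGP packet (new- and old-format headers)."""
    i = 0
    while i < len(data):
        ctb = data[i]; i += 1
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet")
        if ctb & 0x40:                                   # new-format header
            tag, first = ctb & 0x3F, data[i]; i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255:
                length = struct.unpack(">I", data[i:i + 4])[0]; i += 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                                            # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(data[i:i + size], "big"); i += size
        yield tag, data[i:i + length]
        i += length

def recipient_keyids(data: bytes) -> list:
    """Key IDs named in v3 PKESK packets; an all-zero (anonymous) ID never matches."""
    return [body[1:9].hex().upper() for tag, body in packets(data)
            if tag == 1 and body[0] == 3]

def archive_policy_accepts(data: bytes, archive_keyid: str = ARCHIVE_ADK_KEYID) -> bool:
    """True if the archive ADK can decrypt this message; False means drop as spam."""
    return archive_keyid.upper() in recipient_keyids(data)

# Constructed samples: a SEIPD packet (tag 18) stands in for the ciphertext.
_SEIPD = bytes([0xD2, 4, 1, 0xDE, 0xAD, 0xBF])
SAMPLE_OK = _pkesk(OTHER_KEYID) + _pkesk(ARCHIVE_ADK_KEYID) + _SEIPD
SAMPLE_UNREADABLE = _pkesk(OTHER_KEYID) + _SEIPD
```

On real mail the input is the dearmored body of the application/octet-stream part; a message whose only PKESK names an unknown or anonymous key is exactly the "not decryptable with the archive ADK" case the quoted policy drops.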
