mcr at sandelman.ca
Mon May 1 04:53:15 CEST 2023
Jacob Bachmeyer via Gnupg-users <gnupg-users at gnupg.org> wrote:
> ADKs seem particularly valuable to me as a solution to the "group inbox"
> problem that avoids actually sharing private key material: simply
> attach encryption subkeys for all recipients to the "group inbox"
> certificate. This requires publishing new certificates when the
> recipient list changes and discloses the recipient list to some extent, but
> that is the trade-off for end-to-end security in this context. Could a
> "--notify-ADK-encrypt" option that could be placed in the configuration file
> be appropriate to address user concerns about possible improper proliferation
> of ADKs? Should a notification that an ADK was used actually be default?
> After all, there are legitimate uses for ADKs, but an ADK turning up where
> not expected could be a strong hint that you have a bogus certificate.
That would be really useful for security at example.com.
I'm unclear if this is a new feature (I think so), and if so what happens if
the sender hasn't upgraded yet?
> I would also note that, for a work email system in an environment where there
> is a legal or quasi-legal requirement (not uncommon in finance) to archive
> messages, simply dropping any incoming message not decryptable with the
> archive ADK as spam would be reasonable. Since the primary concern
> motivating message archival in this example is deterring insider trading,
> simply not allowing unreadable messages to be delivered accomplishes the same
OTOH, the emails investigating the insider trading by the HR people might need
to avoid the ADK.