mcr at sandelman.ca
Tue May 2 17:04:33 CEST 2023
Andrew Gallagher <andrewg at andrewg.com> wrote:
> The only way that a company would end up archiving a password reset
> email encrypted to an ADK would be if an employee was using their work
> email address for password resets. If using their work email for this
> purpose is inadvisable, then it is inadvisable regardless of ADKs.
Like you mean, an employee was using a work email for a work thing, maybe?
> ADK introduces no new considerations that are not also an issue for key
> escrow, which happens anyway, and has several advantages over escrow,
> If you don’t trust your correspondent’s employer, then the only
> effective course of action is to not use their employer’s email
> address. Technical measures cannot protect you from opsec problems.
I'm asking to be informed so that I can make the decision to do
More information about the Gnupg-users