ADK's
Michael Richardson
mcr at sandelman.ca
Tue May 2 17:04:33 CEST 2023
Andrew Gallagher <andrewg at andrewg.com> wrote:
> The only way that a company would end up archiving a password reset
> email encrypted to an ADK would be if an employee was using their work
> email address for password resets. If using their work email for this
> purpose is inadvisable, then it is inadvisable regardless of ADKs.
Like you mean, an employee was using a work email for a work thing, maybe?
> ADK introduces no new considerations that are not also an issue for key
> escrow, which happens anyway, and has several advantages over escrow,
I agree.
> If you don’t trust your correspondent’s employer, then the only
> effective course of action is to not use their employer’s email
> address. Technical measures cannot protect you from opsec problems.
I'm asking to be informed so that I can make the decision to do
something else.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 511 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20230502/70df558c/attachment.sig>
More information about the Gnupg-users
mailing list