Michael Richardson mcr at
Tue May 2 17:04:33 CEST 2023

Andrew Gallagher <andrewg at> wrote:
    > The only way that a company would end up archiving a password reset
    > email encrypted to an ADK would be if an employee was using their work
    > email address for password resets. If using their work email for this
    > purpose is inadvisable, then it is inadvisable regardless of ADKs.

Like you mean, an employee was using a work email for a work thing, maybe?

    > ADK introduces no new considerations that are not also an issue for key
    > escrow, which happens anyway, and has several advantages over escrow,

I agree.

    > If you don’t trust your correspondent’s employer, then the only
    > effective course of action is to not use their employer’s email
    > address. Technical measures cannot protect you from opsec problems.

I'm asking to be informed so that I can make the decision to do
something else.


More information about the Gnupg-users mailing list