[prev in list] [next in list] [prev in thread] [next in thread]
List: gnupg-devel
Subject: Re: INBOME comments
From: "Neal H. Walfield" <neal () walfield ! org>
Date: 2016-12-14 12:26:51
Message-ID: 87d1guzofo.wl-neal () walfield ! org
[Download RAW message or body]
On Tue, 06 Dec 2016 16:58:46 +0100,
Daniel Kahn Gillmor wrote:
> > - In the group communication example, Alice sends a message to Bob
> > and Carol at which point Bob and Carol learn about Alice's INBOME
> > preferences. Why doesn't Alice also include Bob and Carol's latest
> > IMBOME header so that Bob and Carol can immediately learn about
> > Carol and Bob's keys, respectively, without additional
> > interactions?
>
> While i think something like that could be useful, we need to be
> extremely cautious about the consequences of allowing "drive-by" INBOME
> data. The analogy in the DNS world is "cache poisoning". If i can set,
> clear, or reset your INBOME data for someone else even if i don't have
> access to the communitions channel, what are the consequences for your
> future communications?
I'd like to add that I appreciate it when people send me keys or
fingerprints of others who are in cc. It makes following up so much
easier. If the keys were automatically imported and marked as having
been provided by a particular person, that would be even better.
_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic