Mailing List Archive

ADK's (was: [Announce] GnuPG 2.4.1 released)
On 2023-04-28 15:47, Werner Koch via Gnupg-users wrote:

> * gpg: New command --quick-add-adsk and other ADSK features.
> [T6395, https://gnupg.org/blog/20230321-adsk.html]

So you finally caved in to the backdoor demands.

What I'm missing (maybe I just didn't find it?) is an option in my
config file to ignore adk requests and just don't encrypt to those keys
as well when I send or reply to a message.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: ADK's (was: [Announce] GnuPG 2.4.1 released)
Hi Johan,

Johan Wevers via Gnupg-users <gnupg-users@gnupg.org> wrote:

>On 2023-04-28 15:47, Werner Koch via Gnupg-users wrote:
>
>> * gpg: New command --quick-add-adsk and other ADSK features.
>> [T6395, https://gnupg.org/blog/20230321-adsk.html]
>
>So you finally caved in to the backdoor demands.

If there is no option as you say, I would say yes.

>What I'm missing (maybe I just didn't find it?) is an option in my
>config file to ignore adk requests and just don't encrypt to those keys
>as well when I send or reply to a message.

ACK, absolutely necessary. Otherwise GnuPG would no longer be a
trustworthy encryption solution.

--
mlnl

GPG:1FC05426F87FA623

Re: ADK's (was: [Announce] GnuPG 2.4.1 released)
gnupg-users@gnupg.org wrote in
<20230428230349.429d3d3a@localhost>:
|Johan Wevers via Gnupg-users <gnupg-users@gnupg.org> wrote:
|>On 2023-04-28 15:47, Werner Koch via Gnupg-users wrote:
|>
|>> * gpg: New command --quick-add-adsk and other ADSK features.
|>> [T6395, https://gnupg.org/blog/20230321-adsk.html]
|>
|>So you finally caved in to the backdoor demands.
|
|If there is no option as you say, I would say yes.
|
|>What I'm missing (maybe I just didn't find it?) is an option in my
|>config file to ignore adk requests and just don't encrypt to those keys
|>as well when I send or reply to a message.
|
|ACK, absolutely necessary. Otherwise GnuPG would no longer be a
|trustworthy encryption solution.

And Patrice Lumumba was thrown into a pit of slaked lime.
(After being beaten to death with rifle butts on the flight from
western to eastern Congo, as far as I know. But wild times still
under colonial money mighty. (Afaik.))

--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
|~~
|..and in spring, hear David Leonard sing..
|
|The black bear, The black bear,
|blithely holds his own holds himself at leisure
|beating it, up and down tossing over his ups and downs with pleasure
|~~
|Farewell, dear collar bear

Re: ADK's (was: [Announce] GnuPG 2.4.1 released)
Johan Wevers via Gnupg-users writes:
> On 2023-04-28 15:47, Werner Koch via Gnupg-users wrote:
>
> > * gpg: New command --quick-add-adsk and other ADSK features.
> > [T6395, https://gnupg.org/blog/20230321-adsk.html]
>
> So you finally caved in to the backdoor demands.
>
> What I'm missing (maybe I just didn't find it?) is an option in my
> config file to ignore adk requests and just don't encrypt to those keys
> as well when I send or reply to a message.

Can't call it that as long as it's under user control (every long option of the software has an equivalent config file option. You don't add such a key via config or command line, no adsk will happen as it's not configured). If you're using gpg built by your org, you have no trustworthy environment anyway.

And the feature needs to be supported by the client.

In the face of email having been hijacked by the corporates/Micros~t+Exchange and intrinsically broken S/MIME, practical relevance: close to zero.


Re: ADK's (was: [Announce] GnuPG 2.4.1 released)
On 2023-04-30 1:15, ckeader via Gnupg-users wrote:

> Can't call it that as long as it's under user control (every long option of the software has an equivalent config file option. You don't add such a key via config or command line, no adsk will happen as it's not configured).

On my key, yes, I can choose to add an adk or not of course. But suppose
I want to encrypt to a key that has an adk added, but I only want to
encrypt to that key and not to the added adk? How do I do that?

> If you're using gpg built by your org, you have no trustworthy environment anyway.

Probably, but when I answer a mail from home with my own GnuPG I want to
be able to ignore adk's.

> And the feature needs to be supported by the client.

Yes, currently I run gpg 2.2 so it's not of immediate concern. But when
I eventually upgrade I want to be able to ignore adk's.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

Re: ADK's (was: [Announce] GnuPG 2.4.1 released)
On 30 Apr 2023, at 11:30, Johan Wevers via Gnupg-users <gnupg-users@gnupg.org> wrote:
>
> On 2023-04-30 1:15, ckeader via Gnupg-users wrote:
>
>> Can't call it that as long as it's under user control (every long option of the software has an equivalent config file option. You don't add such a key via config or command line, no adsk will happen as it's not configured).
>
> On my key, yes, I can choose to add an adk or not of course. But suppose
> I want to encrypt to a key that has an adk added, but I only want to
> encrypt to that key and not to the added adk? How do I do that?

Just curious, what’s the threat scenario here? If you suspect that your correspondent’s key preferences have been tampered with by a third party then surely the entire key is suspect and shouldn’t be used at all? If on the other hand you believe that it has not been tampered with, but your correspondent has been negligent in configuring it, then maybe you shouldn’t trust your correspondent?

A
Re: ADK's (was: [Announce] GnuPG 2.4.1 released)
On 2023-04-30 13:22, Andrew Gallagher via Gnupg-users wrote:

> Just curious, what’s the threat scenario here?

The HR department of the receiver.

--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
