by defen
2307 days ago
> The point being made is that you continually fail to account for data at rest (among other things) in your arguments against encrypted email.
Encrypted email with PGP doesn't give you data-at-rest encryption, though. See https://efail.de ... or the fact that forward secrecy was not a design consideration when it was designed in 1990.
> Most people don't need to fear for their lives if a single message leaks, but that doesn't mean they want plaintext copies of everything cached all over the place for who knows how long either.
This is the heart of the argument. You need to treat email (encrypted, or not) as if there are copies cached all over the place forever. You should assume that about any email you send (again, encrypted or not). This is why it's called security LARPing ... if your argument is simply "I don't want people reading my stuff, it's private"... well, no one cares about your emails. But the moment they do start caring, they can go back and read all of your emails, encrypted or not.
|
> You need to treat email (encrypted, or not) as if there are copies cached all over the place forever.
That's my _entire point_. Assuming there are copies cached all over the place forever, I would strongly prefer that they were encrypted. How is this not an obviously desirable thing?!
> the moment they do start caring, they can go back and read all of your emails, encrypted or not
I do not believe that this claim is correct. Given a block of PGP encrypted text for which one lacks the private key, I am not aware of the existence of any practical attacks against the algorithm. If such an attack does exist, please point me to it - I would very much like to know about it.