> Governments can still gather the metadata of encrypted emails.

True, but don't throw out the baby with the bathwater right away. I know metadata is at least as sensitive as the actual content, but you need to pick your battles. If we get people to widely use GPG to encrypt the content of their emails, that is already a huge win. Why? Because they're now using a public/private key infrastructure. And as you are probably well aware, as soon as everyone involved has secure private keys, implementing all sorts of nifty crypto strategies to hide pretty much whatever you want is just a matter of adding protocols. And that can be done pretty transparently, if only the intended users would already be using keypairs for identity management. So, IMO, even if just encrypting the content is not quite complete privacy, it's a great step on the way to getting there. The other way around, hiding the metadata first, or perhaps both at the same time, seems a lot harder to accomplish widely. So even if you're technically right, getting the public in the habit of using GPG is not a waste of time; it's just that for some crazy reason common usage of strong crypto is so far behind the times that they are going to need several steps to catch up with technology.

> Is there a standard email header that advertises "you can reply back to me with a PGP encrypted email encrypted to key ID X and I'll be able to read it automatically"? If not, somebody should propose one. Public keyservers exist so I see no reason a simple header like this wouldn't suffice.

That's a great idea. Anyone know if something like this does not already exist? (And I'm not entirely sure if those key IDs are sufficiently unique and/or secure, but you can put more than just the ID in such a header to fix that.)
True, but key pairs pretty much cryptographically tie a real person to an online identity, and so that makes metadata more valuable, and makes "give us your keys or go to jail" laws more scary.