Re: [Tails-dev] [RFC] Dropping requirement for OpenPGP commu…

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] [RFC] Dropping requirement for OpenPGP communication with HTTP mirror operators?
Hi,

u wrote (06 Mar 2016 19:03:30 GMT) :
> Encrypting would keep a veil on who of the Tails team sends which
> requests for which reasons.


I think that using Schleuder's remailing capabilities already provide
this property, and I'm not sure I follow how encryption impacts it.

>> I'm now less convinced that these advantages are worth the drawbacks,
>> and could be ready to drop the OpenPGP communication requirement.


> If signing requests in both directions is absolutely necessary (and I am
> in favour of this),


Heard.

So I guess that we're back to wondering if those who maintain the pool
of mirrors check such things strictly enough to make all this work
useful against an actual attacker.

I'll ignore the "who does this work" part for now, because for now I'd
rather discuss "assuming we have people happy to do it, do we think
it's worth it?", and avoid leaning on the discussion with how the
decision may affect my personal commitments.

> then encryption is only a step away and we still need to maintain
> the mirror keyring.


Yes, absolutely (I didn't mention it initially because I agree that
encryption comes for free if we "keep" authentication).

> I cannot imagine another way of authenticating such requests as of today.


> As for proposing a choice to the operators on whether they'd like to
> encrypt emails or not would probably add even more overhead of
> maintaining such a list.


... and I think that Schleuder doesn't allow us to have authentication
only when emailing someone, so if we have their pubkey, we're going to
sign + encrypt; and if we don't have their pubkey, then we're only
going to sign.

Cheers!
--
intrigeri