Tuesday, 6 January 2015

Two-way PGP email without publishing your key / address to a key server?



If I want to have some privacy and avoid the attention of publishing my email address to the public key server web of trust, yet have a secure two-way email conversation with one recipient, what are the ways in which we can share public keys, in order to have the secure conversation?


I am concerned about:



  • My email being publicly associated with PGP. (It is a privacy issue.)

  • My email having spam sent to it as a result of being on the public lists.

  • The very existence of my email address being easily findable by anyone other than the people I want to communicate with.


I can so far think of ways such as exchanging keys over a trusted, secure OTR IM conversation, or physically/in person, but if you trust your respective email hosts / a third party not to change the keys with a MITM attack, could simply exchanging your keys via unencrypted email be a workable solution for what I want to (or rather, not want to) do?


And do many privacy-conscious people (like members of law enforcement, such as NSA agents) do this to avoid having their (government) email addresses publicly 'outed' by being on public PGP key lists? Maybe they have their own private PGP servers within each organization to take care of that?




