this post was submitted on 09 Sep 2024
51 points (96.4% liked)

No Stupid Questions

35701 readers
774 users here now

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must be legitimate questions. All post titles must include a question.

All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.



Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.



Rule 7- You can't intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- Majority of bots aren't allowed to participate here.



Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

founded 1 year ago
MODERATORS
 

More specifically, if I was to attach my public key to every email — even when the recipient doesn’t use PGP.

My assumption is that “life would carry on” and there would be basically no difference but I’m not entirely sure.

the process of using PGP for encrypting content (text messages for example) is something I’m only just started understanding after some reading and practicing

EDIT

Since a couple of people have mentioned it, my email provider provides E2EE between users but it I want to have E2EE with non-users and via my aliases (SimpleLogin) with custom domains I’ll need PGP

you are viewing a single comment's thread
view the rest of the comments
[–] solrize@lemmy.world 5 points 1 month ago* (last edited 1 month ago) (1 children)

Your public key block is a cumbersome thing and it's enough to just append its fingerprint, if you consider email to be trusted against forgery but not against eavesdropping. The other person can then use the hash to authenticate your key that they get some other way (or they could just ask you to email it).

Back in the day, lots of nerds would have their PGP key fingerprint (32 hex digits) printed across the bottom of their business cards. So if someone got a card in person, they could use the fingerprint to authenticate a key that they later received by email.

Your post doesn't ask about signing your emails without a good reason, but some commenter seems to think you are asking about that. That can be good, bad, or both, since it means that anyone who gets a copy of the message, including attackers, can now authenticate that the message came from you. Anything that gives attackers capabilities that they didn't already have, must be examined critically. Dan Bernstein came up with an clever authenticator scheme designed to prevent this exact attack, but PGP doesn't implement it and I actually don't know of any software that does.

Finally, at least some of the old-time PGP community now thinks that PGP solved, to some extent, the wrong problem. It not only made no attempt to conceal metadata, but it actually advertised it, in the form of key servers and key signatures connected with keys. Even if the attackers couldn't read the encrypted messages, they could still tell who was talking to who, which is almost as bad. Remailer and broadcatch systems tried to solve this, with mixed success. A quote by cryptographer Silvio Micali has stuck with me for a long time: "a good disguise does not reveal the person's height". I.e. don't just try to conceal the message contents from attackers while letting them collect other information. Rather, don't give them ANY information.

It's possible to get rather "Spy vs Spy" about this type of stuff but it can help you think about security. As always, "Security Engineering" by Ross Anderson is a fantastic book if you're interested in the general topic of how to be paranoid. Or to quote the proverb, it's not paranoia if they really are out to get you ;). The book is here, 1st and 2nd editions downloadable as pdfs: https://www.cl.cam.ac.uk/~rja14/book.html

[–] governorkeagan@lemdro.id 2 points 1 month ago

Thank you for the very detailed response! I’ll give that book a read, it sounds interesting.