On Thu, Sep 24, 2015 at 7:42 AM, Simon Josefsson <simon@xxxxxxxxxxxxx> wrote:
Tony Finch <dot@xxxxxxxx> writes:
> John R Levine <johnl@xxxxxxxxx> wrote:
>>
>> A straightforward example is that the mail system, through malice or outside
>> pressure, does an MITM attack on users who have their own keys, so it
>> publishes a key it controls and re-encrypts mail on the way through to the
>> user's own key.
>
> The user should notice this since their encrypted mail will appear to come
> from their mail provider not from the sender. (PGP signature doesn't
> match 822 From:)
Not really -- OpenPGP does not reveal anything about the identity of the
encrypting entity. If the mail provider signed the email, it would be
noticeable, but there is no requirement to sign encrypted emails.
Since PGP was invented, spam has become a major problem and worse. You can have unrestricted end-to-end encryption without end-to-end authentication but you can't risk using it.
Security requires a systems approach. There are very few cases where you can get good security by adding one feature.