[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

anonymous mail



PEM also reveals who signs messages, even when the message is encrypted.
In other words, if I send you a PGP encrypted message which I also signed,
the signature is hidden under the encryption. You do not know who sent you
the PGP message (assuming a cypherpunks remailer or equivalent was used)
until after you decrypt the first "packet" and gaze inside.

PEM, on the other hand, reveals in the clear who signed the message, outside
of the encrypted portion. Also note that to be PEM compliant, you *must*
always sign your messages. So much for anonymous encrypted messages...

There is something to be said for the PGP encapsulated approach...