[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: why pgp sucks
[email protected] (Al Thompson) writes:
>I would prefer that PGP would not give out ANY info about addressees. It
>would seem to me that it is quite a security breach to have PGP dutifully
>tell you to whom it is addressed.
PGP could be hacked fairly easily to do this (in fact there is a
program around called stealth that does this to some extent), however
in the context of this discussion we were discussing more the issue of
checking the signature on a file. For that we do need a hint about
whose signature purports to be there. PGP presently provides this in
the form of the low-order 64 bits of the key modulus, and this provides
problems in implementing the key database in distributed form.
Hal