[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PGP reveals the key ID of the recipient of encrypted msg



I began testing PGP  a few days ago ( I'm a PGP newbie ) and I found 
that it gives out the key ID of an encrypted message . From this you 
can get the  identification of the recipient of the message , if it's 
someone who has publicaly  distributed his  key (keyserver , homepage 
...) . So even if you are unable to decode the message you  can find 
who is the recipient of a given message . I think this is a big 
privacy problem .

The problem is carried along when you encrypt a message for multiple  
recipients , you get the key IDs of all the recipients and same 
problem as above .  I think something like 'blind email copy' should 
be used , because the recipients don't have to know the identity of 
each other .

Comments from long time PGPer  will be welcome