[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PGP reveals the key ID of the recipient of encrypted msg
-----BEGIN PGP SIGNED MESSAGE-----
On Mon, 11 Mar 1996 [email protected] wrote:
> I began testing PGP a few days ago ( I'm a PGP newbie ) and I found
> that it gives out the key ID of an encrypted message . From this you
> can get the identification of the recipient of the message , if it's
> someone who has publicaly distributed his key (keyserver , homepage
> ...) . So even if you are unable to decode the message you can find
> who is the recipient of a given message . I think this is a big
> privacy problem .
The recipient of the message is right in the "To:" header of the message.
If you anonymously remail a message, however, only the last remailer in the
chain will know to whom the message is encrypted, but the last remailer can
also just read the "To:" header. I don't find this to be a problem at all.
>
> The problem is carried along when you encrypt a message for multiple
> recipients , you get the key IDs of all the recipients and same
> problem as above . I think something like 'blind email copy' should
> be used , because the recipients don't have to know the identity of
> each other .
You could just encrypt a message to different key ID's seperately, rather than
in one pass of PGP. The would have the effect of Bcc.
- --Mark
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[email protected] | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
iQCVAwUBMUSTJrZc+sv5siulAQHN/QP/ck5/e0+o6HFte49ht2ivN4R/xdL0r5WS
aqWSHq2CO3zxnY1ko76TQ34mA+v6oPGJ8TsfgACsRWzEOOs/8lSwZM93YOIsmrLU
obLgqu9Vgt0jS8l5AEgr82ma7yHzu03LV77jXIuOn+1Amh2uXJtVs66AO5LHbJxn
aBtSPgfCCDY=
=vp/g
-----END PGP SIGNATURE-----