[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP reveals the key ID of the recipient of encrypted msg



-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 11 Mar 1996 [email protected] wrote:

> I began testing PGP  a few days ago ( I'm a PGP newbie ) and I found 
> that it gives out the key ID of an encrypted message . From this you 
> can get the  identification of the recipient of the message , if it's 
> someone who has publicaly  distributed his  key (keyserver , homepage 
> ...) . So even if you are unable to decode the message you  can find 
> who is the recipient of a given message . I think this is a big 
> privacy problem .

The recipient of the message is right in the "To:" header of the message.
If you anonymously remail a message, however, only the last remailer in the
chain will know to whom the message is encrypted, but the last remailer can
also just read the "To:" header.  I don't find this to be a problem at all.

> 
> The problem is carried along when you encrypt a message for multiple  
> recipients , you get the key IDs of all the recipients and same 
> problem as above .  I think something like 'blind email copy' should 
> be used , because the recipients don't have to know the identity of 
> each other .

You could just encrypt a message to different key ID's seperately, rather than
in one pass of PGP.  The would have the effect of Bcc.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[email protected]              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMUSTJrZc+sv5siulAQHN/QP/ck5/e0+o6HFte49ht2ivN4R/xdL0r5WS
aqWSHq2CO3zxnY1ko76TQ34mA+v6oPGJ8TsfgACsRWzEOOs/8lSwZM93YOIsmrLU
obLgqu9Vgt0jS8l5AEgr82ma7yHzu03LV77jXIuOn+1Amh2uXJtVs66AO5LHbJxn
aBtSPgfCCDY=
=vp/g
-----END PGP SIGNATURE-----