From: Hal <hfinney@shell.portal.com>
Date: Sat, 11 Feb 95 09:10:27 PST
To: cypherpunks@toad.com
Subject: Re: why pgp sucks
In-Reply-To: <m0rdCF4-000E2cC@dorite.use.com>
Message-ID: <199502111709.JAA19315@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


alt@iquest.net (Al Thompson) writes:
>I would prefer that PGP would not give out ANY info about addressees.  It 
>would seem to me that it is quite a security breach to have PGP dutifully 
>tell you to whom it is addressed.  

PGP could be hacked fairly easily to do this (in fact there is a
program around called stealth that does this to some extent), however
in the context of this discussion we were discussing more the issue of
checking the signature on a file.  For that we do need a hint about
whose signature purports to be there.  PGP presently provides this in
the form of the low-order 64 bits of the key modulus, and this provides
problems in implementing the key database in distributed form.

Hal