1995-02-11 - Re: why pgp sucks

Header Data

From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: 3581ff551b7a4cbb91f5be3aa5f0f17c5c2666d2cae9bcb9eb5b37351575bd4c
Message ID: <199502111709.JAA19315@jobe.shell.portal.com>
Reply To: <m0rdCF4-000E2cC@dorite.use.com>
UTC Datetime: 1995-02-11 17:10:27 UTC
Raw Date: Sat, 11 Feb 95 09:10:27 PST

Raw message

From: Hal <hfinney@shell.portal.com>
Date: Sat, 11 Feb 95 09:10:27 PST
To: cypherpunks@toad.com
Subject: Re: why pgp sucks
In-Reply-To: <m0rdCF4-000E2cC@dorite.use.com>
Message-ID: <199502111709.JAA19315@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


alt@iquest.net (Al Thompson) writes:
>I would prefer that PGP would not give out ANY info about addressees.  It 
>would seem to me that it is quite a security breach to have PGP dutifully 
>tell you to whom it is addressed.  

PGP could be hacked fairly easily to do this (in fact there is a
program around called stealth that does this to some extent), however
in the context of this discussion we were discussing more the issue of
checking the signature on a file.  For that we do need a hint about
whose signature purports to be there.  PGP presently provides this in
the form of the low-order 64 bits of the key modulus, and this provides
problems in implementing the key database in distributed form.

Hal





Thread