From: “Robert A. Rosenberg” <hal9001@panix.com>
To: John Pettitt <jpp@software.net>
Message Hash: 277f6b29bc68f00d3bb96bb93f053f81658cde85f4b1ddda82a3e4d6b7b10fc6
Message ID: <v02140b06ad6bb73beb5c@[165.254.158.237]>
Reply To: N/A
UTC Datetime: 1996-03-13 07:55:48 UTC
Raw Date: Wed, 13 Mar 1996 15:55:48 +0800
From: "Robert A. Rosenberg" <hal9001@panix.com>
Date: Wed, 13 Mar 1996 15:55:48 +0800
To: John Pettitt <jpp@software.net>
Subject: Re: PGP reveals the key ID of the recipient of encrypted msg
Message-ID: <v02140b06ad6bb73beb5c@[165.254.158.237]>
MIME-Version: 1.0
Content-Type: text/plain
At 16:36 3/11/96, John Pettitt wrote:
>I can see a case where one would want to broadcast a message (say on usenet)
>with *no* indication of the intended recipient (not even a non registered
>key-id). It would seem to be easy enough to hack up something that does not
>have key-IDs - to know if it's for you try decryption and if it works then
>it was for you. This does not scale well as the recipient must trial
>decrypt all messages which could use *a lot* (tm) of CPU time.
There is also the problem of knowing WHICH key to use (ie: Even when you
know the message is intended for you, you must do a test run with each of
your keys until one works). Thus you want private keys whose ownership is
not publicly linked to your known identity (but is known to your
correspondents). So long as you have your corespondent's published Public
Key, you can use it to do a one-time transmission of a private Public Key
to be used to do anonymous (ie: Not Linked to your Public Identity)
transmissions to you.
Return to March 1996
Return to ““Robert A. Rosenberg” <hal9001@panix.com>”