1996-03-12 - Re: PGP reveals the key ID of the recipient of encrypted msg

Header Data

From: “Mark M.” <markm@voicenet.com>
To: cypherpunks@toad.com
Message Hash: e4bd4d03ca6e77b56517b1a56941e02efb8923e4802faa2f3999291331584942
Message ID: <Pine.LNX.3.91.960311155124.214B-100000@gak>
Reply To: <199603110740.IAA06254@storm.certix.fr>
UTC Datetime: 1996-03-12 07:50:08 UTC
Raw Date: Tue, 12 Mar 1996 15:50:08 +0800

Raw message

From: "Mark M." <markm@voicenet.com>
Date: Tue, 12 Mar 1996 15:50:08 +0800
To: cypherpunks@toad.com
Subject: Re: PGP reveals the key ID of the recipient of encrypted msg
In-Reply-To: <199603110740.IAA06254@storm.certix.fr>
Message-ID: <Pine.LNX.3.91.960311155124.214B-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 11 Mar 1996 savron@world-net.sct.fr wrote:

> I began testing PGP  a few days ago ( I'm a PGP newbie ) and I found 
> that it gives out the key ID of an encrypted message . From this you 
> can get the  identification of the recipient of the message , if it's 
> someone who has publicaly  distributed his  key (keyserver , homepage 
> ...) . So even if you are unable to decode the message you  can find 
> who is the recipient of a given message . I think this is a big 
> privacy problem .

The recipient of the message is right in the "To:" header of the message.
If you anonymously remail a message, however, only the last remailer in the
chain will know to whom the message is encrypted, but the last remailer can
also just read the "To:" header.  I don't find this to be a problem at all.

> 
> The problem is carried along when you encrypt a message for multiple  
> recipients , you get the key IDs of all the recipients and same 
> problem as above .  I think something like 'blind email copy' should 
> be used , because the recipients don't have to know the identity of 
> each other .

You could just encrypt a message to different key ID's seperately, rather than
in one pass of PGP.  The would have the effect of Bcc.

- --Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMUSTJrZc+sv5siulAQHN/QP/ck5/e0+o6HFte49ht2ivN4R/xdL0r5WS
aqWSHq2CO3zxnY1ko76TQ34mA+v6oPGJ8TsfgACsRWzEOOs/8lSwZM93YOIsmrLU
obLgqu9Vgt0jS8l5AEgr82ma7yHzu03LV77jXIuOn+1Amh2uXJtVs66AO5LHbJxn
aBtSPgfCCDY=
=vp/g
-----END PGP SIGNATURE-----





Thread