> For example, it's possible that this email was written by a political
> prisoner in a 3rd world country and he's used steganography to conceal a
> message to his friends and family right here in these 3 paragraphs. My
> question is, without prior agreement or access to an outside channel, how
> are his friends to know to look on the [EMAIL PROTECTED] Listserv for the
> ciphertext? No matter how well concealed (stego)or how well encrypted
> (crypto), does he have any way of notifying his friends that they should
> look here without alerting the enemy of his attempts to communicate?
Ideally, this would be handled by prearrangement, so that anyone involved
in a resistance movement or who might be a target as a political prisoner
would know where to post his messages and what keys to use so that they
could be read.
If this was not done, he could still tell his friends that he has heard
that some people embed messages in that specific location. He could
describe the software program used to do so, and that their public keys
would be used to read the message. Maybe to be "politically correct"
he could go on and say that doing this would be wrong.
Presumably this would be enough of a hint for anyone; even the bad
guys, of course, but they would not be able to tell whether any data
was actually being sent by this channel.
[Presumably the bad guys would only need to suspect, not to know for
sure -- if they really don't pay attention to human rights, well, I'm
sure the rubber hose will be cheap enough for them to buy. --Perry]
