On Mon, Feb 19, 2007 at 10:54:17AM -0800, NikNot wrote: > On 2/19/07, Adam Funk <[EMAIL PROTECTED]> wrote: > >Is there any reason to physically secure your *public* keyring in > >... (Well, I suppose you might want to hide your secret identity!) > > Unfortunately, the whole GPG, with WebOfTrust construct, makes the > assumption that there is no need whatsoever to protect the identity of > the secret key holder (and, by extension, that traffic analysis - as > opposed to the secret content analysis - is not something to be > concerned with).
That statement is definitely not true. * PGP was the first cryptosystem to hide sender's ID (when signing+encrypting), compare PEM to see the difference; * one can issue himself a key pair with pseudonym User ID the same way as with RL identity and use it normally; * without having recipient pubkey it is impossible to determine the recipient of the message (assuming the subkey ID is not widely known) * it is possible to hide recipient's completely ID by using --throw-keyid Alex -- JID: [EMAIL PROTECTED] PGP: 0x46399138 od zwracania uwagi na detale są lekarze, adwokaci, programiści i zegarmistrze -- Czerski _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
