On Mo, Aug 20 2012, ved...@nym.hush.com wrote: > On Mon, 20 Aug 2012 09:38:49 -0400 Jens Lechtenboerger > <clou...@informationelle-selbstbestimmung-im-internet.de> wrote: > >> if a message M is encrypted to you and other >>recipients using RSA, then you are of course able to obtain the >>session key K. Now, if you suspect Alice to be a recipient then >>you download her public key from a key server and encrypt the session >>key K under her public key. If the result matches one of the >>encrypted session keys contained in M, then Alice is a recipient >>of M. > > ===== > > The one sending the message really is in control here ;-) > The sender can use hidden encrypt to ANY public key. > > i.e. if Alice is sending the message and wants to hide her > identity, > nothing prevents her from using throw-keyid with Bob's public key > instead of her own, or NIST's, or PGP Corporation's, or any onyone > else's. > [...]
I'm not sure whether I understand you correctly. If I'm not mistaken then you are referring to sender anonymity. In contrast, I interpreted the original question in terms of recipient anonymity: Bob wants to encrypt a message to some undisclosed list of recipients (say, including Alice and Eve), and nobody should be able to figure out who (else) is on the list. Clearly, the fact whether I can decrypt the message tells me whether I'm on the list or not; however, I should not be able to learn more than that. In particular, I should not be able to identify any other recipient. In that situation, my previous posting was meant to suggest that Eve (if she has access to the public RSA key of Alice used by Bob) will be able to figure out that the message was also encrypted to Alice. Thus, hidden-encrypt-to, throw-key-id, and hidden-recipient do not help here. I'd be happy to be corrected if I'm missing something, though... Best wishes Jens _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
