Hello Damien. Am Montag, den 31.12.2018, 12:45 +0000 schrieb Damien Goutte-Gattat: > On Mon, Dec 31, 2018 at 07:17:21AM +0100, Dirk Gottschalk via Gnupg- > users wrote: > > Yes, that's correct. Anyways, I prefer using the --hidden-recipient > > for this purpose. That prevents the disclosure of the communication > > paths with pure GPG-Packet analysis.
> You do realize that, in the case of e-mail, the communication paths
> are already disclosed by the SMTP protocol (command "RCPT TO") and
> the mail headers ("From", "To", and the like), which both are outside
> the scope of OpenPGP protection?
Yes, sure I do. But referencing the command line options, I thought he
was speaking about encryption of files. In this case, it could be of
(even if small) benefits to avoid the disclosure of the path.
> Using --hidden-recipient only protects against an hypothetic attacker
> who is somehow only able to obtain the email body (the OpenPGP
> message itself) without the surrounding metadata.
That's correct. As told, I was talking about encrypted files. If you
upload en encrypted file to a cloud service, for example, it could be a
good idea to encrypt only to hidden recipients. Security my obscurity
is not everytime a bad thing. ;)
Regards,
Dirk
--
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany
GPG: DDCB AF8E 0132 AA54 20AB B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
