On 2/20/07, Janusz A. Urbanowicz <[EMAIL PROTECTED]> wrote:
> * without having recipient pubkey it is impossible to determine the recipient
> of the message (assuming the subkey ID is not widely known)
...
If the system was designed for the real world, the encrypted message
would, by default, consi
Janusz A. Urbanowicz alex at bofh.net.pl wrote on
Tue Feb 20 15:24:40 CET 2007 :
>* it is possible to hide recipient's completely ID by using --
throw-keyid
well, not 'completely'
running gpg-list-packets or pgpdump on the encrypted message,
lists the key-type (dh or rsa), key size, and symmetr
vedaal at hush.com vedaal at hush.com
Tue Feb 20 18:16:52 CET 2007 wrote:
> running gpg-list-packets or pgpdump on the encrypted message,
lists the key-type (dh or rsa), key size, and symmetric algorithm
used
sorry,
my mistake ;-((
pgpdump doesn't list which symmetric algo,
only lists that an
NikNot schrieb:
> Unfortunately, the whole GPG, with WebOfTrust construct, makes the
> assumption that there is no need whatsoever to protect the identity of
> the secret key holder
You have, however, the possibility of using pseudonyms as UID. Only the
signers of your key would have to know about
On 2/20/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> pgpdump doesn't list which symmetric algo,
> only lists that an mdc was or wasn't used
The attacker performing large-scale traffic uses his own software that
is - so it must be presumed - capable of distilling all (to him)
usefull informat
On Mon, Feb 19, 2007 at 10:54:17AM -0800, NikNot wrote:
> On 2/19/07, Adam Funk <[EMAIL PROTECTED]> wrote:
> >Is there any reason to physically secure your *public* keyring in
> >... (Well, I suppose you might want to hide your secret identity!)
>
> Unfortunately, the whole GPG, with WebOfTrust c
On 2/19/07, Joseph Oreste Bruni <[EMAIL PROTECTED]> wrote:
> It's funny you mention this: I got into an argument with a
> "consultant" about how X.509 certificates are a privacy violation
> because your identity is encoded into the "subject" field. I kept
> asking him, "How would you know whose ce
On Feb 19, 2007, at 11:54 AM, NikNot wrote:
On 2/19/07, Adam Funk <[EMAIL PROTECTED]> wrote:
Is there any reason to physically secure your *public* keyring in
... (Well, I suppose you might want to hide your secret identity!)
Unfortunately, the whole GPG, with WebOfTrust construct, makes
