Looking for feedback on Passive Privacy System

[Robin O'Leary]

--VdOwlNaOFKGAtAAV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Mar 15, 2001 at 08:18:03AM -0000, Marlow, Andrew (London) wrote:
> ... While you're at it I
> suggest that you consider integrating the use of steganography with public
> key encryption.
The Passive Privacy System proposal only considers the key exchange
process.  It is hard to see how the key exchange protocol could make an
initial offer, having no shared knowledge, while also being undetectable.
So the key exchange has to be open.  What you do with the keys then is
up to you and correctly not specified by PPS.

> I live in the UK so any encrypted email I receive may now be
> the subject of an RIP decryption notice (see www.fipr.org). Failure to
> decrypt results in 2 years in jail. Because of RIP I will not openly use
> GPG/PGP unless its use can be hidden stenographically in a deniable way...
This seems a strange stance given that another part of RIP says that all
your email can be tapped at any ISP and they must not tell you.  If you
use encryption, this silent tapping is prevented since they have to ask
you for the key.  And when they do, GnuPG has a mechanism to show only the
session key for a specific message, rather than reveal your secret key.

Robin.
--=20
R.M.O'Leary <gnupg-devel@ro.nu>  PO Box 20, Swansea SA2 8YB, UK

--VdOwlNaOFKGAtAAV
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iQCVAwUBOrCoguzqYp5jhQYZAQEeIgP+MTho0pD/4HGysZNAMRhtRh4xm7Myiawo
V1roYcBWK10pODNwRRXEh1C9VKxifkeg1x3D2aWUelEpsWeIzj2Pfx8P7DOH7Aks
wkqNuQ0HzSflUh1uzXe+bgqC7Qryzq8u2zW0bzgrl4rQQ2oXOQl/3nkfJdQS5NyQ
IlprI24E4NA=
=d3+r
-----END PGP SIGNATURE-----

--VdOwlNaOFKGAtAAV--