Looking for feedback on Passive Privacy System
Marlow, Andrew (London)
MarloAnd@exchange.uk.ml.com
Thu Mar 15 13:03:00 2001
> -----Original Message-----
> From: Robin O'Leary [SMTP:gnupg-devel@ro.nu]
> Sent: Thursday, March 15, 2001 11:33 AM
> To: gnupg-devel@gnupg.org
> Subject: Re: Looking for feedback on Passive Privacy System
>
> On Thu, Mar 15, 2001 at 08:18:03AM -0000, Marlow, Andrew (London) wrote:
> > I live in the UK so any encrypted email I receive may now be
> > the subject of an RIP decryption notice (see www.fipr.org). Failure to
> > decrypt results in 2 years in jail. Because of RIP I will not openly use
> > GPG/PGP unless its use can be hidden stenographically in a deniable
> way...
> This seems a strange stance given that another part of RIP says that all
> your email can be tapped at any ISP and they must not tell you.
[Marlow, Andrew (London)] This is why many in the UK are interested
in steganography.
> If you
> use encryption, this silent tapping is prevented since they have to ask
> you for the key.
[Marlow, Andrew (London)] Yes I know.
> And when they do, GnuPG has a mechanism to show only the
> session key for a specific message, rather than reveal your secret key.
[Marlow, Andrew (London)] Not good enough. I don't want my message
to be revealed except by the recipient. That's why I encrypted it in the
first place. I don't want to be served with a notice that forces me to
reveal the plaintext which is why I want to use steganography. I believe
that session keys are more useful for secure transactions. They don't
protect you from RIP though because RIP can still force you to disclose the
session key. Damage is limited because they can only decrypt the one message
rather than all future communication. But I don't want them to decrypt
anything at all.
> Robin.
> --
> R.M.O'Leary <gnupg-devel@ro.nu> PO Box 20, Swansea SA2 8YB, UK