Looking for feedback on Passive Privacy System
Aaron Sherman
ajs@ajs.com
Thu Mar 15 17:44:01 2001
On Thu, Mar 15, 2001 at 12:02:44PM -0000, Marlow, Andrew (London) wrote:
> > From: Robin O'Leary [SMTP:gnupg-devel@ro.nu]
> > If you use encryption, this silent tapping is prevented since they
> > have to ask you for the key.
> [Marlow, Andrew (London)] Yes I know.
> > And when they do, GnuPG has a mechanism to show only the session
> > key for a specific message, rather than reveal your secret key.
> [Marlow, Andrew (London)] Not good enough. I don't want my message
> to be revealed except by the recipient.
If you're going to use steganography (or a subliminal channel of any
sort) to hide email, that's great.
Is that a reason to not encrypt?
If your mailer encrypts without your having to get involved, then you
can still go through all of the steganographic hoop-jumping you
wish. This gets you three things: 1) mail on the wire is encrypted so
non-authorities cannot snoop 2) you have to be told if someone wants
to tap your communications 3) you have a duress mechanism: when they
ask you to reveal the key, you do so, and they get the mail with the
subliminal channel, but no knowledge of the subliminal channel itself.
This is a Good Thing(tm)
--
Aaron Sherman
ajs@ajs.com finger ajskey@b5.ajs.com for GPG info. Fingerprint:
www.ajs.com/~ajs 6DC1 F67A B9FB 2FBA D04C 619E FC35 5713 2676 CEAF
"Do you come from a land downunder, where beer does flow and the
men chunder?" -Men at Work