Looking for feedback on Passive Privacy System

Aaron Sherman ajs at ajs.com
Thu Mar 15 17:44:01 CET 2001

On Thu, Mar 15, 2001 at 12:02:44PM -0000, Marlow, Andrew (London) wrote:

> > From:	Robin O'Leary [SMTP:gnupg-devel at ro.nu]

> > If you use encryption, this silent tapping is prevented since they
> > have to ask you for the key.

> 	[Marlow, Andrew (London)]  Yes I know.

> > And when they do, GnuPG has a mechanism to show only the session
> > key for a specific message, rather than reveal your secret key.

> 	[Marlow, Andrew (London)]  Not good enough. I don't want my message
> to be revealed except by the recipient.

If you're going to use steganography (or a subliminal channel of any
sort) to hide email, that's great.

Is that a reason to not encrypt?

If your mailer encrypts without your having to get involved, then you
can still go through all of the steganographic hoop-jumping you
wish. This gets you three things: 1) mail on the wire is encrypted so
non-authorities cannot snoop 2) you have to be told if someone wants
to tap your communications 3) you have a duress mechanism: when they
ask you to reveal the key, you do so, and they get the mail with the
subliminal channel, but no knowledge of the subliminal channel itself.

This is a Good Thing(tm)

Aaron Sherman		
ajs at ajs.com		finger ajskey at b5.ajs.com for GPG info. Fingerprint:
www.ajs.com/~ajs	6DC1 F67A B9FB 2FBA D04C  619E FC35 5713 2676 CEAF
 "Do you come from a land downunder, where beer does flow and the
  men chunder?" -Men at Work

More information about the Gnupg-devel mailing list